Additionally, newer passport covers are being lined with materials that
block RFID signals from being transmitted when the passport is closed,
exposing the document to attack only
when it is opened and displayed for a
security agent. Relatively inexpensive
signal-blocking sleeves (http://www.
rfid-shield.com/products.php) are also
available for RFID passports.
What information is Compromised?
Six pieces of information can be stolen
from the RFID chip on a U.S. passport:
your name, nationality, gender, date
of birth, place of birth, and a digitized
1 Numerous problems of
identity theft could arise from someone taking that information, but this
article focuses on the financial risk.
Banks in the U.S. require that applicants for credit cards submit their
Social Security numbers to be used for
background credit checks. Although
the passport RFID tag does not carry
your Social Security number, a perpetrator can use the information it does
contain to obtain your number.
The Social Security Administration’s Web site ( http://www.ssa.gov/
pubs/ 10002.html) requires one of three
proofs of identity for a U.S. citizen to
be issued a new Social Security card: a
driver’s license, state-issued non-driver
identity card, or passport. With the data
stolen from your passport’s RFID chip,
someone could create a copy of the
passport, then use this counterfeit one
to access a real copy of your Social Security card. With this card, the perpetrator is free to apply for a real copy of your
credit card, not to mention opening new
accounts in your name. This puts you
at a serious financial risk, all because
someone was able to eavesdrop on your
passport’s RFID communication.
To eavesdrop on your passport information, a perpetrator needs hardware
to capture the signal as it is being
scanned by a legitimate RFID reader,
such as those used by government officials at airports. He or she would then
need the time and technical capacity to
decrypt the signal into a usable form.
Finally, to reap any real benefits from
the stolen information, the attacker
must have all the materials necessary
to reproduce a passport. We can view
Six pieces of
be stolen from
the RFiD chip on
a u.S. passport:
date of birth,
place of birth,
and a digitized
this as a series of hurdles that the perpetrator must overcome, starting with
data capture, moving onto data recovery, and finally data reproduction.
Let us first focus on capturing the information from your passport, since it
is at that point in the event chain that
the vulnerabilities of the RFID technology are exploited. For successful data
retrieval the perpetrator’s antenna
must catch two different interactions:
the forward channel, which is the signal
being sent from the RFID reader to the
RFID token; and the backward channel,
which is the data being sent back from
the RFID token to the RFID reader. Lab
demonstrations3 have shown that a
successful eavesdrop (a capture of both
channels) on an RFID tag can occur at
a distance of one meter with the use of
an H-field antenna, a radio frequency
receiver, an oscilloscope to monitor the
signals, and a computer to store, analyze, and manipulate the data.
In the lab this was done as a proof of
concept, but in the real world a perpetrator could use smaller, more discrete
hardware. In our airport scenario, the
perpetrator would need only an antenna and an amplifier to boost the signal capture, a radio-frequency mixer
and filter, and a computer to store the
data. The amplifier itself would not
even need to be that powerful, since
it would need to boost the signal over
only a short distance of three to five
meters. The antenna, mixer, and filter
can be homemade with cheap materials or purchased as a set online. Some
Web sites (for example, http://www.
openpcd.org/openpicc.0.html) contain schematics, lists of materials, and
steps on how to build your own RFID
reader the size of a matchbox. These
RFID “sniffers” can then be plugged
into a laptop via a USB port.
Once the perpetrator has successfully eavesdropped on the communication between the RFID token and the
RFID reader, the next step is data recovery. This requires two separate steps.
The first is recovering the actual signal
between the RFID chip in the passport
and the RFID reader. This is a signal-processing problem, essentially separating the actual signal from the noise
of the background. Proof-of-concept
experiments3 have shown that data
recovery is a brute-force problem that
can be solved with current hardware. A