Border-Crossing Cards Can Be Copied
By KEITH J. WINSTEINArticle
October 23, 2008

New U.S. border-crossing cards can be copied and remotely disabled with off-the-shelf equipment, researchers said, the latest finding of security weaknesses in wireless technology.
The Department of Homeland Security, which has reviewed the findings, said it was aware of the possibility of electronic mischief and wasn't concerned.
The study, by researchers at the University of Washington and the RSA Laboratories division of EMC Corp., examined state and federal ID cards issued for the Western Hemisphere Travel Initiative, which tightens border security at land and sea crossings in North America beginning next June.
Such cards, including "enhanced" state drivers' licenses and U.S. passport cards, contain a tiny radio chip and transmit an identification number as the bearer drives up to a border crossing. That allows officials to speed up crossings for holders because identifying documents don't need to be inspected by hand.
But the cards' private identifying information -- a confidential, 10-digit ID number for each individual -- can be remotely extracted with equipment costing about $2,000, the researchers found, even from more than 30 feet away. The study results don't apply to U.S. passports, which include a more sophisticated security scheme.
The ID number from crossing cards can be copied to a new card costing about 10 cents, allowing somebody else to masquerade as the cardholder. At a border crossing, the cardholder's photo would also pop up on a guard's screen, so any impostor would need a similar appearance. The cardholder wouldn't know that their card has been copied.
Reproducing a crossing card is easy in part because the government's cards don't employ an anticopying feature, the study found, even though a Homeland Security document issued earlier this year touted the technique and said it would be employed.
In addition, new radio-enabled drivers' licenses issued by the state of Washington can be remotely "killed," or disabled, by a malicious transmission sent via radio, the study says. Four other states -- Arizona, Michigan, New York and Vermont -- issue or are planning radio-enabled drivers' licenses. Whether those states' licenses can be copied or killed isn't known. A spokeswoman for Washington's department of licensing said the state is looking into deactivating the "kill" feature in the future.
RSA, which sells computer-security tools and has proposed more protections in radio ID cards, is posting the findings on its Web site. "There is a critical infrastructure evolving around RFID," said Ari Juels, a researcher at the company, using the abbreviation for radio-frequency identification. "If we don't build in protections now, it will be much harder to build them in later," he said.
The Department of Homeland Security said fooling an immigration officer would require more than a forged ID card. The study raised "issues that we were aware of, but certainly issues that we feel have been addressed," said Kathleen Kraninger, the department's deputy assistant secretary for policy.

http://online.wsj.com