Thread: Wired: Disable Your Passport's RFID Chip

How To: Disable Your Passport's RFID Chip

Issue 15.01 - January 2007

All passports issued by the US State Department after January 1 will have always-on radio frequency identification chips, making it easy for officials – and hackers – to grab your personal stats. Getting paranoid about strangers slurping up your identity? Here’s what you can do about it. But be careful – tampering with a passport is punishable by 25 years in prison. Not to mention the “specialâ€

The same site also sells cases to protect rfid credit cards, licenses, etc.

http://idstronghold.com/products.php?s=2

RFID Passport Shield Failure Demo - Flexilis
http://www.youtube.com/watch?v=-XXaqraF7pI

(this shows how the built in shield in your RFID passport doesn't really work)

RFID JOURNAL : THE WORLD'S RFID AUTHORITY
THE WORLD'S RFID AUTHORITY
One Year Later, U.S. E-Passport's Architect Says System Is a Success
Frank Moss, the U.S. State Department's former deputy assistant secretary for passport services, says the electronic passport is not a panacea, but does provide a number of real and potential benefits.

By Mary Catherine O'Connor

Aug. 16, 2007—One year ago this month, the U.S. State Department began issuing passports carrying 13.56 MHz, ISO 14443-compliant RFID inlays (see RFID News Roundup: U.S. Department of State to Begin Issuing e-Passports to the General Public). Between Aug. 1, 2006, to Aug. 15, 2007, the department issued 6,422,677 electronic passports (e-passports). Based on technical specifications set by the International Civil Aviation Organization (ICAO), these RFID-enabled documents are designed to deter passport counterfeiting and help inspectors verify the authenticity of the passports that travelers present.

To prevent unauthorized parties from reading personal data stored on its RFID chip, the e-passport includes basic access control, consisting of a personal identification number (PIN) printed on the passport. Before an RFID interrogator can read this data, this PIN must first be optically read. To further deter unauthorized access to the chip, the e-passport's cover contains a metallic liner that blocks the inlay from receiving or transmitting RF signals whenever the cover is closed.


Frank Moss
Frank Moss spent 32 years working for the State Department before retiring in March of this year. He spent his last four years overseeing the U.S Passport program and the development of the electronic passport in this country. During his time as deputy assistant secretary of state for passport services at the State Department, Moss defended the e-passport's design and security features before Congressional committees, privacy and travel groups, and private sector representatives. He also worked on the proposed PASS card, a passport alternative designed to satisfy border security requirements set forth by the Western Hemisphere Travel Initiative.

After leaving the State Department, Moss founded Identity Matters, a consultancy, and is presently working with a range of vendors that contribute to e-passports and other security documents. These include RFID chip maker Texas Instruments and security products and services provider L-1 Identity Solutions. Recently, RFID Journal interviewed Moss about the e-passport program.

Q: Has the electronic passport program improved border security?

A: The way I've often described the [RFID] chip in the passport is to say that it is another arrow in the quiver of our border security system. It's not a panacea; it doesn't solve all problems. When the U.S. introduced our e-passport, we did it as part of introducing a new book, which has other new security features, as well as changes to our underlying process to adjudicate [verify the authenticity of] passports. It's a whole-systems approach.

The e-passport, in particular, was intended to establish an electronic link between you, the traveler; your photograph, which is in the book; and the biometric data that is written to the chip. It helps the inspector ensure that the person carrying the passport is the one to whom it was legitimately issued. That is a major border security enhancement. It also makes it more difficult for someone other than the person to whom the passport was issued to use it.

Q: E-passports have been identified as a means for improving the flow of people through checkpoints. Has the U.S. e-passport done that?

A: Actually, the e-passport was looked upon more as a security enhancement. It really was not seen, in the post-9/11 perspective, as a recipe to facilitate movement of people through ports of entry. I think, though, that it has a secondary benefit worth noting, and that is that you present your e-passport to the inspector, he puts it on his reader and your image pops up and he can make certain that, yes, you match the photo saved to the chip and the photo printed on the passport…that lets him focus much more quickly on other indicators—behavioral indications—that might be important, and helps move people through airports a little more quickly. But I have no data on that.

Q: While the State Department is using high-frequency 13.56 MHz technology with a short read range and data encryption for electronic passports, the U.S. Department of Homeland Security is moving forward with ultra-high frequency 918 MHz EPC Gen 2 technology, to enhance the security on PASS cards and licenses meant to satisfy increased security requirements at borders, post 9-11. EPC Gen 2 has a long read range and no data encryption [see RFID Vendors Brief Congress on PASS Card Security]. Why didn't the DHS follow the lead of the State Department and use the more secure approach?

A: The different technologies being used are driven by the fact that in the two instances, you are transmitting very different types of information. A passport needs to be globally interoperable. Not only does the United States need to be able to read your passport, so does Australia, China, Japan, etc. Therefore, your biometric data—the facial image—and all your personal data has to be written to the chip [otherwise, various countries would not be able to access the data]. So you need to keep that data more secure. For that reason, the ISO 14443 chip architecture, with its very short read range, is used [for the passport]. You also have techniques such as basic access control and anti-skimming control [metal-mesh passport cover] to keep that data secure.

In the case of a PASS card, you are dealing with another issue. This is a document intended to be read by the United States [Customs and Border Protection] for land travel to Canada or Mexico, or on some maritime cruises. And in that case, all you are transmitting is a pointer back to a secure database that the U.S. controls. All you need that pointer to do is tell the system "pull out file such-and-such and make it available to the inspector."

I also think that it is noteworthy to mention that even in the PASS card, the vendors proposing a solution must provide a [metallic] sleeve to keep that card from being read until it is removed from the sleeve.

Q: How do you see the e-passport program changing in the future?

A: The e-passport marks the beginning of the migration of the passport away from being a paper-based document, toward one that has an integrated chip. I feel that embedding a chip into the passport opens the door—over time, perhaps over the next five to seven years—toward additional functionality being assigned to that chip. For example, right now when you travel abroad, you get a rubber stamp that says you were here or there. Perhaps over time, as the chips become faster, have more memory, and we add the ability to write data to them, we may be able to do entry and exit stamps on the passport, electronically, saving them to the chip, rather than stamping them in the book.

There would be several advantages to this. For one, it would give border inspectors access to an instantaneous history of where the person has been, so they won't have to look through the pages of the passport book. It also has the advantage of making the passport a more modern document, and perhaps, one that is even less susceptible to fraud, even in terms of entry caches and things like that, because they would be electronic, as opposed to a stamp.

As e-passports become more common around the world, and as more countries buy more readers [required to read the data on the embedded chips], you'll also see evolutions in the border inspection process. What happens now is that you hand the passport to the inspector, the machine-readable part is read, the chip is unlocked and the data pops up on the inspector's computer screen. Because it is [an] ISO 14443-compliant tag, you're never going to be able to read it from a distance—but what if, rather than having the chip read at the time you hand the passport to the inspector, there was a reader prepositioned in line [to which you'd open and present your passport while waiting in line], so that the inspector would see your data on his or her computer screen when you arrive at the checkpoint? I don't believe this is happening yet, but it certainly is in the realm of possibilities.

I'm not saying we'd take the inspector out of the process. He or she is still going to be there, but to the extent that the inspector can get the data from the chip pulled up on the screen faster, that would let them concentrate more on the passport book and the person presenting it. The behavior of the traveler can be very useful in detecting people who may be a security concern to the United States or other governments.

RELATED ARTICLES
› MasterCard Rolls Out Contactless Carpet in the U.K.
› Hong Kong Shoppers Use RFID-enabled Mirror to See What They Want
› RFID Academic Convocation Issues Call for Papers
› RFID Journal LIVE! 2007 Report
Q: Some security experts say the data protections used in e-passports—not just those issued by the U.S., but those issued by other countries following the ICAO specifications—have been poorly vetted and are vulnerable to hacking. Just last week, a German hacker named Lukas Grunwald, who last year cloned a passport chip, announced he had crashed two different passport interrogators by bombarding them with data. What is your take on these alleged shortcomings?

A: Cloning the chip is possible—it's essentially taking a digital photocopy of a chip. But cloning a chip doesn't mean you've made a fake passport that will get you into a country. [U.S.] passports also use watermarks, ultraviolet and infrared security features. And at the end of the day, you have the inspector doing checks on the passport and on you. If a reader were to crash because of the passport you were carrying, it would mean you'd be inspected more carefully.



| Back to normal page view | Send this article to a friend |

Copyright © 2002 - 2007 RFID Journal, Inc. All Rights Reserved

http://www.rfidjournal.com/article/arti ... /3567/-1/1

Hackers Clone E-Passports
Kim Zetter Email 08.03.06 | 2:00 AM
Two RFID researchers created a video showing how an RFID reader attached to an improvised explosive device could theoretically identify a U.S. citizen walking past the reader and set off a bomb. They haven't yet tested the theory on a real U.S. passport since the documents have yet to be distributed. The still here shows an attack using a prototype passport with RFID chip placed in the pocket of the victim. As the chip passes the reader, the reader detonates an explosive device placed in the trash can.
View Slideshow View Slideshow

LAS VEGAS -- A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.

The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery. But Lukas Grunwald, a security consultant with DN-Systems in Germany and an RFID expert, says the data in the chips is easy to copy.

"The whole passport design is totally brain damaged," Grunwald says. "From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all."

Grunwald plans to demonstrate the cloning technique Thursday at the Black Hat security conference in Las Vegas.

The United States has led the charge for global e-passports because authorities say the chip, which is digitally signed by the issuing country, will help them distinguish between official documents and forged ones. The United States plans to begin issuing e-passports to U.S. citizens beginning in October. Germany has already started issuing the documents.

Although countries have talked about encrypting data that's stored on passport chips, this would require that a complicated infrastructure be built first, so currently the data is not encrypted.

"And of course if you can read the data, you can clone the data and put it in a new tag," Grunwald says.

The cloning news is confirmation for many e-passport critics that RFID chips won't make the documents more secure.

"Either this guy is incredible or this technology is unbelievably stupid," says Gus Hosein, a visiting fellow in information systems at the London School of Economics and Political Science and senior fellow at Privacy International, a U.K.-based group that opposes the use of RFID chips in passports.

"I think it's a combination of the two," Hosein says. "Is this what the best and the brightest of the world could come up with? Or is this what happens when you do policy laundering and you get a bunch of bureaucrats making decisions about technologies they don't understand?"

Grunwald says it took him only two weeks to figure out how to clone the passport chip. Most of that time he spent reading the standards for e-passports that are posted on a website for the International Civil Aviation Organization, a United Nations body that developed the standard. He tested the attack on a new European Union German passport, but the method would work on any country's e-passport, since all of them will be adhering to the same ICAO standard.

In a demonstration for Wired News, Grunwald placed his passport on top of an official passport-inspection RFID reader used for border control. He obtained the reader by ordering it from the maker -- Walluf, Germany-based ACG Identification Technologies -- but says someone could easily make their own for about $200 just by adding an antenna to a standard RFID reader.

He then launched a program that border patrol stations use to read the passports -- called Golden Reader Tool and made by secunet Security Networks -- and within four seconds, the data from the passport chip appeared on screen in the Golden Reader template.

Grunwald then prepared a sample blank passport page embedded with an RFID tag by placing it on the reader -- which can also act as a writer -- and burning in the ICAO layout, so that the basic structure of the chip matched that of an official passport.

As the final step, he used a program that he and a partner designed two years ago, called RFDump, to program the new chip with the copied information.

The result was a blank document that looks, to electronic passport readers, like the original passport.

Although he can clone the tag, Grunwald says it's not possible, as far as he can tell, to change data on the chip, such as the name or birth date, without being detected. That's because the passport uses cryptographic hashes to authenticate the data.

When he was done, he went on to clone the same passport data onto an ordinary smartcard -- such as the kind used by corporations for access keys -- after formatting the card's chip to the ICAO standard. He then showed how he could trick a reader into reading the cloned chip instead of a passport chip by placing the smartcard inside the passport between the reader and the passport chip. Because the reader is designed to read only one chip at a time, it read the chip nearest to it -- in the smartcard -- rather than the one embedded in the passport.

The demonstration means a terrorist whose name is on a watch list could carry a passport with his real name and photo printed on the pages, but with an RFID chip that contains different information cloned from someone else's passport. Any border-screening computers that rely on the electronic information -- instead of what's printed on the passport -- would wind up checking the wrong name.

Grunwald acknowledges, however, that such a plot could be easily thwarted by a screener who physically examines the passport to make sure the name and picture printed on it match the data read from the chip. Machine-readable OCR text printed at the bottom of the passport would also fail to match the RFID data.

Frank Moss, deputy assistant secretary of state for passport services at the State Department, says that designers of the e-passport have long known that the chips can be cloned and that other security safeguards in the passport design -- such as a digital photograph of the passport holder embedded in the data page -- would still prevent someone from using a forged or modified passport to gain entry into the United States and other countries.

"What this person has done is neither unexpected nor really all that remarkable," Moss says. "(T)he chip is not in and of itself a silver bullet.... It's an additional means of verifying that the person who is carrying the passport is the person to whom that passport was issued by the relevant government."

Moss also said that the United States has no plans to use fully automated inspection systems; therefore, a physical inspection of the passport against the data stored on the RFID chip would catch any discrepancies between the two.

There are other countries, however, that are considering taking human inspectors out of the loop. Australia, for one, has talked about using automated passport inspection for selected groups of travelers, Moss says.

In addition to the danger of counterfeiting, Grunwald says that the ability to tamper with e-passports opens up the possibility that someone could write corrupt data to the passport RFID tag that would crash an unprepared inspection system, or even introduce malicious code into the backend border-screening computers. This would work, however, only if the backend system suffers from the kind of built-in software vulnerabilities that have made other systems so receptive to viruses and Trojan-horse attacks.

"I want to say to people that if you're using RFID passports, then please make it secure," Grunwald says. "This is in your own interest and it's also in my interest. If you think about cyberterrorists and nasty, black-hat type of guys, it's a high risk.... From my point of view, it should not be possible to clone the passport at all."

Hosein agrees. "Is this going to be the massive flaw that makes the whole house of cards fall apart? Probably not. But I'm not entirely sure how confident we should feel about these new passports."

Grunwald's technique requires a counterfeiter to have physical possession of the original passport for a time. A forger could not surreptitiously clone a passport in a traveler's pocket or purse because of a built-in privacy feature called Basic Access Control that requires officials to unlock a passport's RFID chip before reading it. The chip can only be unlocked with a unique key derived from the machine-readable data printed on the passport's page.

To produce a clone, Grunwald has to program his copycat chip to answer to the key printed on the new passport. Alternatively, he can program the clone to dispense with Basic Access Control, which is an optional feature in the specification.

Grunwald's isn't the only research on e-passport problems circulating at Black Hat. Kevin Mahaffey and John Hering of Flexilis released a video Wednesday demonstrating that a privacy feature slated for the new passports may not work as designed.

As planned, U.S. e-passports will contain a web of metal fiber embedded in the front cover of the documents to shield them from unauthorized readers. Though Basic Access Control would keep the chip from yielding useful information to attackers, it would still announce its presence to anyone with the right equipment. The government added the shielding after privacy activists expressed worries that a terrorist could simply point a reader at a crowd and identify foreign travelers.

In theory, with metal fibers in the front cover, nobody can sniff out the presence of an e-passport that's closed. But Mahaffey and Hering demonstrated in their video how even if a passport opens only half an inch -- such as it might if placed in a purse or backpack -- it can reveal itself to a reader at least two feet away.

Using a mockup e-passport modeled on the U.S. design, they showed how an attacker could connect a hidden, improvised bomb to a reader such that it triggers an explosion when a passport-holder comes within range.

In addition to cloning passport chips, Grunwald has been able to clone RFID ticket cards used by students at universities to buy cafeteria meals and add money to the balance on the cards.

He and his partners were also able to crash RFID-enabled alarm systems designed to sound when an intruder breaks a window or door to gain entry. Such systems require workers to pass an RFID card over a reader to turn the system on and off. Grunwald found that by manipulating data on the RFID chip he could crash the system, opening the way for a thief to break into the building through a window or door.

And they were able to clone and manipulate RFID tags used in hotel room key cards and corporate access cards and create a master key card to open every room in a hotel, office or other facility. He was able, for example, to clone Mifare, the most commonly used key-access system, designed by Philips Electronics. To create a master key he simply needed two or three key cards for different rooms to determine the structure of the cards. Of the 10 different types of RFID systems he examined that were being used in hotels, none used encryption.

Many of the card systems that did use encryption failed to change the default key that manufacturers program into the access card system before shipping, or they used sample keys that the manufacturer includes in instructions sent with the cards. Grunwald and his partners created a dictionary database of all the sample keys they found in such literature (much of which they found accidentally published on purchasers' websites) to conduct what's known as a dictionary attack. When attacking a new access card system, their RFDump program would search the list until it found the key that unlocked a card's encryption.

"I was really surprised we were able to open about 75 percent of all the cards we collected," he says.

http://www.wired.com/science/discoverie ... 6/08/71521

Katherine Albrecht of Caspian has written a book on this. She was alerting us to it a long time ago. She is a lawyer who is very much concerned with the loss of privacy we are undergoing. Two sites: nocards.org, concerns the grocery store loyalty cards, the other: spychips.com concerns the rfid. Both are very interesting and informative if you want more information.

RealID,

Here is some about Dr. Katherine Albrecht work.


http://www.citizensadvocate.net/news...eriChipAP.html

MICROCHIP IMPLANTS CAUSE FAST-GROWING, MALIGNANT TUMORS IN LAB ANIMALS

Damning research findings could spell the end of VeriChip

Exclusive Global Announcement Made on WTPRN Friday Night!

From: Dr. Katherine Albrecht

FOR RELEASE:
September 8, 2007

MICROCHIP IMPLANTS CAUSE FAST-GROWING, MALIGNANT TUMORS IN LAB ANIMALS
Damning research could spell the end of VeriChip

The Associated Press will issue a breaking story this weekend revealing that microchip implants have induced cancer in laboratory animals and dogs, says privacy expert and long-time VeriChip opponent Dr. Katherine Albrecht.

As the AP will report, a series of research articles spanning more than a decade found that mice and rats injected with glass-encapsulated RFID transponders developed malignant, fast-growing, lethal cancers in up to 1% to 10% of cases. The tumors originated in the tissue surrounding the microchips and often grew to completely surround the devices, the researchers said.

Albrecht first became aware of the microchip-cancer link when she and her "Spychips" co-author, Liz McIntyre, were contacted by a pet owner whose dog had died from a chip-induced tumor. Albrecht then found medical studies showing a causal link between microchip implants and cancer in other animals. Before she brought the research to the AP's attention, none of the studies had received widespread public notice.

A four-month AP investigation turned up additional documents, several of which had been published before VeriChip's parent company, Applied Digital Solutions, sought FDA approval to market the implant for humans. The VeriChip received FDA approval in 2004 under the watch of then Health and Human Services Secretary Tommy Thompson who later joined the board of the company.

Under FDA policy, it would have been VeriChip's responsibility to bring the adverse studies to the FDA's attention, but VeriChip CEO Scott Silverman claims the company was unaware of the research.

Albrecht expressed skepticism that a company like VeriChip, whose primary business is microchip implants, would be unaware of relevant studies in the published literature.

"For Mr. Silverman not to know about this research would be negligent. If he did know about these studies, he certainly had an incentive to keep them quiet," said Albrecht. "Had the FDA known about the cancer link, they might never have approved his company's product."

Since gaining FDA approval, VeriChip has aggressively targeted diabetic and dementia patients, and recently announced that it had chipped 90 Alzheimer's patients and their caregivers in Florida. Employees in the Mexican Attorney General's Office, workers in a U.S. security firm, and club-goers in Europe have also been implanted.

Albrecht expressed concern for those who have received a chip implant, urging them to get the devices removed as soon as possible.

"These new revelations change everything," she said. "Why would anyone take the risk of a cancer chip in their arm?"

AGGRESSIVE MALIGNANT TUMORS FORMED AROUND A VERICHIP IMPLANT
Click the photos to enlarge.





Listen to Dr. Albrecht break this story on live radio on the EttaroLIVE! show Friday night. Catch the MP3 segment from this show on the We The People Radio Network!

www.wtprn.com



Plan to join Dr. Katherine Albrecht at the Hope For America Conference and Ron Paul Rally in Phoenix, Arizona on November 10th, 2007!
REGISTER NOW

Dr. Katherine Albrecht is the director of CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering), an organization she founded in 1999 to advocate free-market, consumer-based solutions to the problem of retail privacy invasion. She is also a talk show host of "Uncovering the Truth" every weekday from 10am-12noon EST on the We The People Radio Network.

Katherine is widely recognized as one of the world's leading experts on consumer privacy. She regularly speaks on the consumer privacy and civil liberties impacts of new technologies, with an emphasis on RFID and retail issues. She has testified on RFID technology before the Federal Trade Commission, state legislatures, the European Commission, and the Federal Reserve Bank, and she has given over a thousand television, radio and print interviews to news outlets all over the world. Her efforts have been featured on CNN, NPR, the CBS Evening News, Business Week, and the London Times, to name just a few.

Executive Technology Magazine has called Katherine "perhaps the country's single most vocal privacy advocate" and Wired magazine calls her the "Erin Brockovich" of RFID".

Learn more about her book and efforts to wake people up to the evils of human microchip implants!
www.spychips.org