Your secrets not so safe with RFID-enabled passports

by Darren Murph, posted Oct 28th 2006 at 1:30PM

Ever since these newfangled RFID e-passports hit the mainstream, understandable concerns have frequently surfaced regarding the security (or lack thereof) involved. The Dutch version has already been cracked, Germans can clone theirs, and Ireland's doesn't even have a protective sheath to keep its data safe from unauthorized readers; now it appears that you have one more reason to stick with the ole laminated paper version, as security researchers have released "proof-of-contact code that they say enables an attacker to read the passport number, date of birth, and passport expiration date." The flaw was unveiled by Adam Laurie -- a well-respected watchman of Bluetooth security weaknesses -- in his "Bugtraq" newsletter, but no specifics were reported regarding how evildoers could extract such precious information and subsequently steal your identity. Nevertheless, those RFID-shielding manufacturers must be licking their chops right about now, and rightfully so.

Filed under: Wireless

Tags: passports, rfid, security, threat

Reader Comments (Page 1 of 1)

Highly Ranked

IndentityThief @ Oct 28th 2006 3:17PM

Woot Mr Frank Moss just bought a 60" plasma TV and put his first payment down on a 8 bedroom condo.

Cheers Engadget!

Neutral

Victor Cornelius @ Oct 28th 2006 1:52PM

Wait, so is the one in the picture an old passport or one with an RFID tag in it? Cause I just got mine in the mail yesterday and it looks just like that.

Neutral

Chuck @ Oct 28th 2006 2:36PM

It honestly blows me away that in this age of heightened security RFID passports are being pushed through so recklessly by these governments.
Whatever company is making all the $$$ from these did some pretty impressive 'lobbying'.

Neutral

dunk @ Oct 28th 2006 6:54PM

all RFID passports should have a little icon on the cover, two horizontal rectangles, bisected by a circle http://travel.state.gov/passport/eppt/eppt_2788.html#Eight

if the US one is anything like the british one, it should be pretty obvious that you have one as the back page is very thick, laminated & has copper wire and a visible chip.

Neutral

willdao @ Oct 28th 2006 3:54PM

Well, I must say my humor was running the same way...plasma wallscreen, and all, so, darnit, ya beat me to it.

Drat!

But that's O.K., I'll be perfectly willing to gun for a Sony "Pearl" front PJ, so, looks like Mr. Moss can keep on sharing that goodness all the way 'round!

(So, is this, like, Jason's Dad-in-law, or sumthin'? Gotta be. Divorce? Well, the Calicanis personal ugliness surely is my gain. So way cool for him to kinda left-hand fund such jive [high ticket] "gadgets" for us. All. And all. And all. All...and...all y'all...)

Oh, man, now, don't YOU be spreadin' lame rumors that I've only just friggin' made up out of whole cloth, right? (Only from the finest-laid Irish linen, needed me some new rags, and all, so, thanks again, Mr, Moss!)

Is it just me, or do you guys just desperately feel the itch for some new ruby- and ebony-inlaid, ivory corn-cob holder sets, now that the summer "silver queen" season's relatively over, and they're on, um, "special?"

Neutral

Rohit Kapur @ Oct 28th 2006 4:05PM

You guys removed my comment and the one from the other guy dissing you off!

Not cool. Really not cool. I stood up for you guys!!!! So not cool.

Neutral

shaun @ Oct 28th 2006 4:12PM

So can I stick this new passport in the microwave and fry the rfid circuit? Would that work?

Of course the next question is: If the rfid is non-functional when I travel will that prevent me from passing through customs?

...just wondering...

Neutral

haha @ Oct 28th 2006 4:20PM

wait... has that passport in the picture actually been hacked?

cuz that guy is definitely my neighbor -- i grew up playing his kids. he's sorta douche-y.

Neutral

Bend4rt @ Oct 28th 2006 10:53PM

Haha :) I just got myself one of those a few months back... I told them I want a passport without chip and they said that is not an option. I told them that this is unsafe and all that because anyone in a radius of 10 metres that knows something about wifi can read the data when at a passport check. Also if you destroy the chip the passport is invalid. Next there planning on adding all sort of nice things to this chip like fingerprints and iris recognition wich sucks if someone get's that info since you'll be using credit cards and so on with those eyes you have stored in the chip. So governments can track all your movements... that is if they aren't doing that yet with other portable electronics... sucks. Someone should fight against these MF's and defend the privacy of common people.

Neutral

Groovymarlin @ Oct 29th 2006 12:20AM

Couldn't I just wrap my RFID-enabled passport in tinfoil to protect myself?

Neutral

crescentdavid @ Oct 29th 2006 12:51PM

This is what happens when ANY government, the US most definitely included, allows corporations total control. Business will take the shortest, cheapest route, forsaking nominal safety and secutity procedures in order to maximize their profit and to hell with the consumer.

"After last summer's Black Hat conference, where I saw a video of two security researchers demonstrating how RFID tags in German passports could be cloned and understanding that this would soon affect American passport holders, the U.S.-based Smart Card Alliance issued a press release quoting Randy Vanderhoof, executive director of the Smart Card Alliance: "People do not need to be concerned about the security or privacy-protection features of the new e-passport program."

"... the Smart Card Alliance itself hasn't published its own research to the contrary, only press releases and white papers that belittle those who stand in the way of selling this technology to the masses." And we, the sheeple, allow this corrupt administration and these incompetent companies to continue putting our security at risk- just so the easy buck can be made. I mean, it's not like there's real competition.

http://reviews.cnet.com/4520-3513_7-6658127-1.html

Neutral

TheWakeUpCall @ Oct 29th 2006 4:48PM

In the UK they are making these compulsory.

Neutral

SecurityDude01 @ Oct 29th 2006 11:05PM

For the record, current American law (and respected abroad for American passports by treaty) is clear that even if the RFID circuit is non-functional, the passport is still perfectly valid for all uses. Granted, you may be subjected to additional security screenings (much like checking through security for a flight and not having your photo id... you can still get through, you'll just get screened twice), but they cannot bar you from anything for having a non-functional RFID passport. That is how the law currently reads... not to say *they* (those nice men in the long black coats who arrive by black helicopter) wont change it at some point in the future, but for now you're free to microwave your passport. Rather than a microwave session, I'd suggest a bunch of neodynium magnets on both sides of the page moved vigorously back and forth for some period of time. With the microwave you run the risk of blackening your photograph unless you do it in minimal bursts. You should be able to obliterate the data with some magnets of sufficient strength. As a final note, performing actual "surgery" on the passport is frowned upon! There you have it, the answer to most of life's importnt questions... the other answer is 42.

Neutral