IoT Security Blog

Articles and Posts on IoT Security, Embedded Systems, and the Internet of Things

Got $250? Cloning Electronic Passport Cards

Contributed by Joanne C. Kelleher

Security researcher Chris Paget has developed a way to secretly sniff and clone electronic passport cards from 30 feet away with a used RFID reader from eBay. His efforts build off the work of researchers at the University of Washington and RSA, which last year found weaknesses in US passport cards and enhanced drivers’ licenses. See No Surprise: Border-Crossing Cards Can Be Copied.

Paget plans to discuss his efforts at the Shmoocon hacker convention to be held February 6-8 in Washington, D.C. The description of his talk says $250 on eBay buys the necessary kit to clone the Electronic Drivers License and US Passport Card. This talk covers everything you’ll need for a homebrew EDL and PASS cloner, as well as a fair bit of info on the EPC Gen2 RFID tags used.

Per an article in The Register, a spokesperson at the U.S. State Department, which issues the Passport Cards, declined to comment and officials with the US Customs and Border Protection Department say they have no plans to overhaul the technology used in passport cards.

As we get closer to this convention it will be interesting to see if Paget is allowed to give this presentation. Researchers who have planned to discuss how they hacked RFID have been stopped in the past by legal maneuvering. In August the Massachusetts Bay Transit Authority was successful in obtaining a temporary 10 day injunction against three MIT students preventing them from giving the planned presentation at DEFCON about how they hacked the CharlieCard which is based on the Mifare Classic card from NXP. See A Quiz on Hacking Transportation Cards.  A similar injunction was requested by NXP against researchers at Radboud University in Nijmegen.  See NXP Injunction Against Mifare Hacking Report is Denied.

More on this story:
DarkReading
Drive-By ‘War Cloning’ Attack Hacks Electronic Passports, Driver’s Licenses

The Register
Passport RFIDs cloned wholesale by $250 eBay auction spree, Video demo shows you how

UPDATE:  See post https://veridify.com/RFID-Security-blog/?p=98 for more discussion on this topic.  Chris Paget did present his talk at Schmoocon, you can read a review and see his presentation at http://hackaday.com/2009/02/16/shmoocon-2009-chris-pagets-rfid-cloning-talk/.