14 DAY TRIAL // Researchers from the University of Washington and the RSA Laboratories have released a report according to which the electronic product codes (RFID tags) embedded in documents for border crossing, such as the Passport Card or Enhanced Drivers’ license (EDL), are vulnerable to impersonation, surveillance and Denial-of-Service attacks. Attackers can snoop the data from the tags from a distance, and create clones of the tag, or even cause it to self-destruct.
Passport cards are a cheaper and limited type of documents for border crossing, but in comparison with the classic passport booklets, the cards are only available for sea and land travel. These cards are to be used for border crossing between the US, Canada, Mexico, the Caribbean or Bermuda, and have an RFID chip containing a database ID number embedded in them. The same type of RFID tags are being employed in Enhanced Drivers’ licenses (EDLs), which have currently been implemented and issued in New York and Washington, with other states soon to follow.
The research revealed significant problems regarding the security of such documents, and the findings have been submitted to the Department of Homeland Security and Washington State officials. A primary concern is the possibility that an attacker can read the data on the devices from a distance. The sniffed data could then be written to an empty RFID tag, and embedded in a fake document. This vulnerability could also enable the surveillance or tracking of an individual.
“Our work suggests that as deployed, Passport Cards and Washington State EDLs possess security and privacy deficiencies that have the potential to compromise border security or render it more fragile than necessary and desirable,” the researchers note in a presentation of their report.
Another attack involves the Kill pin of the RFID tag, which is not set on the Washington cards. This opens up the possibility of someone launching a mass-attack that would render all such cards nearly unreadable. An attacker could cause “EDLs to self-destruct in order to create a nuisance or to undermine traveler confidence by causing a publicly visible disruption of passenger movement,” exemplify the researchers.
The RFID tags have generally been the subject of a lot of security related controversy lately, and authorities have occasionally tried to downplay or even hide the risks through legal actions. Such was the case of three MIT students who were forced by a court order, obtained by the Massachusetts Bay Transit Authority, to cancel their DEFCON presentation regarding hacking the Charlie Card used by the Boston subway system.
Researchers from the Radboud University, in Nijmegen in The Netherlands, were also sued by NXP, the manufacturers of the globally used Mifare Classic RFID chips, in order to prevent them from publishing their findings. Fortunately, a Dutch judge ruled favorably for the researchers, and they were able to show the world how the Mifare Calssic chips are hackable in ten minutes.
Earlier this year, Adam Savage, co-host of the popular show Myth Busters, revealed at a conference that their producers were legally pressured into giving up on the idea of running an episode that targeted RFID security issues. Fortunately, some officials do acknowledge the problem, California recently passing a law that makes sniffing RFID tags a crime.