A number of countries around the world are introducing technology-enhanced passports designed to prevent or greatly inhibit forgery and counterfeiting. One of the key components is the Radio Frequency Identification (RFID) memory chip. Residence visas and national identity cards are also beginning to include the chips.
The reason is that the chips are supposed to be nearly impossible to forge or tamper with. They are intended to store coded data, including biometric data such as fingerprints, face and iris scans, as well as all other necessary details to prove who the holder of the document is.
This week a German computer security consultant has demonstrated how to "clone," or duplicate, a specific RFID chip. Lukas Grunwald, a security consultant with DN-Systems in Germany and an RFID expert, says the data in the chips is easy to copy, and he demonstrated the technique at the Black Hat Security Conference in Las Vegas on 03 August.
The hack was tested on a new European Union German passport, but the method would work on any country's "e-passport," since all of them will be adhering to the same ICAO standard. He obtained an RFID reader by ordering it from the maker - Walluf, Germany-based ACG Identification Technologies - but also explained that someone could easily make their own for about $200 just by adding an antenna to a standard RFID reader.
A program that border patrol stations use to read the passports (Golden Reader Tool, made by secunet Security Networks) and, within four seconds, the data from the passport chip was displayed in the Golden Reader template.
He then prepared a sample blank passport page embedded with an RFID tag by placing it on the reader. The reader can also act as a writer, and the information is transferred in the ICAO layout. The basic structure of the chip now matches that of an official passport.
Finally, Grunwald used a program that he and a partner designed two years ago to program the new chip with the copied information.
RFID design "totally brain damaged"
The result was a blank document that looks, to electronic passport readers, like the original passport.
"The whole passport design is totally brain damaged," Grunwald says. "From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all."
"Of course if you can read the data, you can clone the data and put it in a new tag."
This is an embarrassing development for quite a number of governments who have collectively invested billions of euros over the past several years to develop and implement several different schemes. Worse, the hack has become news just as several nations have begun issuing the new "ePassports" (another common designation) and are generally beginning to roll them out during the next several years.
Even more billions are already committed, not only to the production of these passports and identity documents, but also to the entire infrastructure needed to support the effort. Tens of thousands of man-hours and dozens of lucrative contracts have been and are being committed to huge databases, and the security checkpoints at embarkation and debarkation areas for many countries.
It turns out that while many governments have discussed encrypting the data on these RFID chips, very little effort has yet gone into implementing the encryption. The reason is simple: it will add immense complexity and expense to the entire concept.
Now it seems that there will be little choice.
"Either this guy is incredible, or this technology is unbelievably stupid," says Gus Hosein, a visiting fellow in information systems at the London School of Economics and Political Science.
Grunwald says it took him only two weeks to figure out how to clone the passport chip. Most of that time he spent reading the standards for e-passports that are posted on several websites around the Internet. The International Civil Aviation Organization, a United Nations body that developed the standard, is only one of them.
Frank Moss, Deputy Assistant Secretary of State for passport services at the U.S. State Department, says that designers of the e-passport have long known that the chips can be cloned, but that other security safeguards in the passport design still prevent someone from using a forged or modified passport.
While the U.S. does not intend at this time to allow automated reading of passports, other countries are considering taking human inspectors out of the loop. Australia, for one example, has talked about using automated passport inspection for selected groups of travelers.
The reason this is important is that the RFID readers currently read only one chip at a time. It is possible for a person to have a cloned chip placed on top of the actual RFID chip in their document. The reader would read the 'top' or closest chip. However, the data read electronically would not match the printed data on the documents. So long as a human observer is examining the document, such a simple technique would fail.
In addition to the possibility of counterfeiting, Grunwald notes that the ability to tamper with e-passports at all opens up the possibility that data written to RFID tags could be used in other ways. Crashing an unprepared inspection system, or even introducing malicious code into the screening computers, is possible, maybe even probable. This could work if the computer system performing the reading has some form of software vulnerability.