
RFID-based Passports – What a bad bad idea…

March 18, 2007

While attending EUSecWest I enjoyed a chat with Adam Laurie of the trifinite group. Adam demonstrated some techniques allowing him to clone the new UK biometric passports. The fun part of it was that Adam was given a brand new passport (by a Daily Mail reporter) in its envelope, and he was able to pull the details of that passport without opening the envelope. If he had wanted, Adam could also have cloned the passport.

So what does the RFID chip on the passport contain?

“Encoded on the passport’s RFID chip are three important files. One contains an electronic copy of the printed information on the passport’s photo page; the second holds the electronic image of the holder’s photo. The third is a security device which checks that the previous two files are not accessed and altered.”

The key needed to access the RFID chip is a 24-digit code, which is printed on the bottom line of the passport’s Machine Readable Zone (MRZ).

When an immigration officer swipes the passport, it reveals the MRZ code, allowing him to access the information stored on the RFID chip.

The problem is that the MRZ code can be easily determined (the MRZ contains information such as the passport holder’s birth date, passport expiration date, ID number, etc.). Since most of the parameters used for the MRZ are known, and since the RFID chip allows enumeration without any defense mechanism (i.e. no lockout after 3 unsuccessful read attempts…), brute forcing the key is possible.

I took a look at my passport. Although it is not an RFID-based passport, I wanted to see how predictable the MRZ is. To say the least, the MRZ is not a good idea to use.
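To put a number on that predictability, the following added example (not code from this post or from Adam Laurie) pulls the 24 key characters out of an MRZ line and estimates how many bits an attacker would actually have to guess. The field positions and the 7-3-1 check digit rule are taken from the ICAO Doc 9303 passport layout, which the post does not spell out; the sample line and the candidate counts in `SCENARIOS` are constructed assumptions.

```python
import math

WEIGHTS = (7, 3, 1)
# Assumed TD3 (passport) line-2 layout from ICAO Doc 9303: (start, length) of
# document number, date of birth, date of expiry; a check digit follows each.
KEY_FIELDS = ((0, 9), (13, 6), (21, 6))

def check_digit(field: str) -> int:
    """7-3-1 weighted sum mod 10; digits as-is, A-Z -> 10..35, '<' filler -> 0."""
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":
            value = 0
        else:
            raise ValueError(f"illegal MRZ character {ch!r}")
        total += value * WEIGHTS[i % 3]
    return total % 10

def key_material(line2: str) -> str:
    """Return the 24 characters the chip access key is built from."""
    if len(line2) != 44:
        raise ValueError("TD3 MRZ lines are 44 characters long")
    parts = []
    for start, length in KEY_FIELDS:
        field, printed = line2[start:start + length], line2[start + length]
        if printed != str(check_digit(field)):
            raise ValueError(f"check digit mismatch at column {start + length + 1}")
        parts.append(field + printed)
    return "".join(parts)

def search_space_bits(doc_numbers: float, birth_dates: float, expiry_dates: float) -> float:
    """log2 of candidate keys; check digits are computed, so they add nothing."""
    return math.log2(doc_numbers * birth_dates * expiry_dates)

# Constructed sample line (not a real passport); its check digits are valid.
SAMPLE_LINE2 = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"

# Assumed candidate counts, chosen for illustration only.
SCENARIOS = {
    "24 independent random digits": math.log2(10 ** 24),
    "holder unknown (numeric number, 100y births, 10y validity)":
        search_space_bits(10 ** 9, 100 * 365, 10 * 365),
    "birth date known, number and expiry narrowed":
        search_space_bits(10 ** 6, 1, 365),
}

if __name__ == "__main__":
    print(key_material(SAMPLE_LINE2))
    for name, bits in SCENARIOS.items():
        print(f"{bits:5.1f} bits  {name}")
```

The gap between the first scenario and the other two is the point: three of the 24 characters are computed check digits and the rest are structured dates and serial numbers, so the key is far weaker than its length suggests.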

The problems associated with this vulnerability include identity theft and other more scary issues.

More information can be found here (The Daily Mail), here (The Register) and here (The Register).