# Hackers clone passports in drive-by RFID heist



## ekim68 (Jul 8, 2003)

_A British hacker has shown how easy it is to clone US passport cards that use RFID by conducting a drive-by test on the streets of San Francisco._

Chris Paget, director of research and development at Seattle-based IOActive, used a US$250 Motorola RFID reader and an antenna mounted in a cars side window and drove for 20 minutes around San Francisco, with a colleague videoing the demonstration.

During the demonstration he picked up the details of two US passport cards, which are fitted with RFID chips and can be used instead of traditional passports for travel to Canada, Mexico and the Caribbean.

http://www.itnews.com.au/News/95588,hackers-clone-passports-in-driveby-rfid-heist.aspx


----------



## StumpedTechy (Jul 7, 2004)

> I dont believe we should have any kind of identity document with RFID tags in them. My ultimate goal here would be, my dream for this research, would be to see the entire Western Hemisphere Travel Initiative be scrapped


Hrm I guess this article must be wrong when it says there will be encryption on those RFIDs. And this was even written a few years back.... maybe they deterined they wanted to save the $4.75 a chip.

http://www.wired.com/wired/archive/14.05/rfid.html



> For protection, RFID signals can be encrypted. The chips that will go into US passports, for example, will likely be coded to make it difficult for unauthorized readers to retrieve their onboard information (which will include a person's name, age, nationality, and photo). But most commercial RFID tags don't include security, which is expensive: A typical passive RFID chip costs about a quarter, whereas one with encryption capabilities runs about $5.


----------



## Frank4d (Sep 10, 2006)

> For protection, RFID signals can be encrypted. The chips that will go into US passports, for example, will likely be coded to make it difficult for unauthorized readers to retrieve their onboard information (which will include a person's name, age, nationality, and photo). But most commercial RFID tags don't include security, which is expensive: A typical passive RFID chip costs about a quarter, whereas one with encryption capabilities runs about $5.


According to the US Dept. of State, the RFID chip contains no personally identifiable information. What it does contain is a number that identifies a record stored in a secure government database.

So while it might be possible to clone the RFID chip, it doesn't (according to the US Dept. of State) contain enough information to clone a passport card.


----------

