New passports with RFID chips vulnerable to hacking and cloning
It’s that time of year again when we start to emerge from our winter hibernation and look for some summer sun. Unless you’re lucky enough to live somewhere warm and sunny most people will be travelling abroad to another country and one document is vital to boarding an international flight, a passport.
After the terrorist attacks on 9/11 in America passport security has been increased with the introduction of biometric data and the incorporation of wireless RFID chips in modern passports which contain much of the data printed in the passport, supposedly making them more secure and harder to counterfeit. But this isn’t always the case as will be explained below.
What are RFID chips?
RFID stand for Radio-frequency identification, a small device consisting of a chip which contains information and an antenna. Most RFID chips are passive which means they are powered by electromagnetic waves from an RFID reader, they do not need a battery and last for years, even decades. And they are everywhere. Some are as small as a grain of rice and commonly used for identification chips in pets, sometimes known as ‘pet passports’. Another major use of RFID chips is in ‘contactless cards’, security cards used in secure buildings, hotel rooms, public transportation and credit cards. Similar to a USB thumb drive, data can be read, written and sometimes rewritten to a RFID chip, and these chips are now used in passports. If you have passed through airport security recently you may have noticed the security official will scan your passport instead of looking through the pages. When he/she takes your passport it is placed on an RFID reader and all the information including your picture is displayed on their computer screen, sometimes they don’t even look inside the passport.
RFID chips are super cheap now, they have been used in disposable public transportation tickets in the Netherlands for years and blank chips can be purchased online in bulk from eBay/Amazon and numerous websites by anyone. The chip readers and writers can also be bough online for around $200 USD.
Hacking Passports with RFID Chips
Most modern smartphones now incorporate Near Field Communication (NFC), a wireless technology which can read and sometimes write data to RFID chips. This means that a passport RFID chip can be read with one of the many free Apps available for Android phones such as the NFC Passport Reader App. And data can be written to the chip with another App like this one.
Using these Apps a fraudster can read the information from your passport through your wallet or pocket with their phone, copy the information and create a clone of your passport. If you carry your passport around with you to use as ID and regularly hand it over to staff at a store or gas station they can copy the information in a matter of seconds by just placing it near a smartphone running one of the Apps mentioned above and then put all the information on to a blank card or passport later, this has been proven at the BlackHat conference and is detailed in this article.
We have provided this information to make people aware of the risks and so that they can take measure to protect their identity documents. You might want to try this yourself to see how easy it is but interfering with official documents (even your own) and many other forms of wireless hacking is illegal in most countries.