RFID passport wardriving

Obviously the workaround is to stay away from Fisherman's Wharf.

Zipping past Fisherman's Wharf, Chris Paget's scanner downloaded to his laptop the unique serial numbers of two pedestrians' electronic U.S. passport cards embedded with radio frequency identification, or RFID, tags. Within an hour, he'd "skimmed" four more of the new, microchipped PASS cards from a distance of 20 feet.

"There's a reason you don't wear your Social Security number across your T-shirt," Albrecht says, "and beaming out your new, national RFID number in a 30-foot radius would be far worse."

But Gigi Zenk, a spokeswoman for the Washington state Department of Licensing, says Americans "aren't that concerned about the RFID" in a time when "tracking an individual is much easier through a cell phone."

18 Responses:

  1. wealhtheow says:

    I wish WA-DOL's "1 problem + 1 problem = 0 problems" math worked in *my* version of reality. It would, well, solve all my problems.

  2. maxmin says:

    > But Gigi Zenk, a spokeswoman for the Washington state Department of Licensing, says Americans "aren't that concerned about the RFID" in a time when "tracking an individual is much easier through a cell phone."

    Ignoring the fact that you need to be a government official/cop and at least ostensibly get a warrant to track someone's cell phone, whereas any random individual can do what this guy did.

    • jwz says:

      I had one of those (not that model, but another faraday wallet). It didn't work.

      • homodachi says:

        Darn, I kinda wanted one. How did you find out it didn't work?

      • mackys says:

        People tend to forget that to actually be effective against radio signals, a Faraday cage has to be earthed. Otherwise it blocks electrostatic, but RF can still leak in.

        Re: avoiding Fisherman's Wharf. Umm... people still go to Fisherman's Wharf? ;]

        • biggeek says:

          > Umm... people still go to Fisherman's Wharf? ;]

          Support the Musée Mécanique, you cretin.

        • adolf says:

          If you said "completely" instead of "actually," I'd agree 100%.

          However, I have one of these. I put my cell phone into it to keep the boss from knowing where I'm at when I pop down the road for coffee. (I'd turn the thing off, instead, but that generates a log entry that they can see.)

          Works well enough at blocking both CDMA and GPS that I don't have any problems.

          Saying a Faraday cage needs earthed in order to actually be effective is like saying an antenna needs earthed in order to actually be effective. In either case, a real earth ground is certainly ideal, but in many cases, things can work quite well enough to accomplish a task without being properly grounded.

        • cattycritic says:

          From the Wikipedia page you linked: "To a large degree, Faraday cages also shield the interior from external electromagnetic radiation if the conductor is thick enough and any holes are significantly smaller than the radiation's wavelength."

          "Significantly smaller" is generally taken as less than 10% of the wavelength.

          If the wallets don't work, then I'd first question whether the wallet's metal either fully encloses the chipped item (which doesn't seem likely if it doesn't even have a flap), or is using a metal mesh with gaps that are too wide, or if solid, is not thick enough, or maybe, is just a complete scam.

          I can't seem to find what US Passport RFID readers typically use, but microwave signals are in the centimeter range. That means you would need millimeter-order mesh (look at the holes in the front of your microwave's door), which may make a wallet too stiff. Ideally it should go inside a solid conducting box. Not terribly comfortable in one's back or breast pocket though.

  3. muftak says:

    Don't US passport RFID chips give out a different random ID each time? Like they do everywhere else.

    • supersat says:

      These are not the same as passports, or even in the same ballpark. They use the EPC Gen2 protocol instead of ISO 14443. Unlike passports, they have no cryptographic capability, and can only store about 16 bytes, but can be read from far away.

    • herbie says:

      Also, historically, RFID crypto implementations haven't been very trustworthy...

  4. lohphat says:

    It should destroy the chip. But the new Heimland Gestapo are requiring functional RFID passports. Nuking the chip may delay you at the airport.

    • biggeek says:

      There's a chance of arcing which would leave a scorch mark on/in the passport, giving away the fact that it's been tampered with. Then you're up for a lovely cavity search by Homeland Security.

      Bang your passport with a mallet.