(Dark Reading, 2/2/09)
With a $250 used RFID scanner he purchased on eBay and a low-profile antenna tucked away in his car, a security researcher recently cruised the streets along Fisherman’s Wharf in San Francisco, where he captured — and cloned — a half-dozen electronic passports within an hour. This newest RFID attack is being coined as “war cloning” given its similarity to war-driving, or wireless sniffing.
The security weaknesses of the EPC Gen 2 RFID tags, which lack encryption and true authentication, have been well-known and of concern to privacy advocates for some time. These tags are being used in the new wallet-sized passport cards that the U.S. Department of Homeland Security offers under the new Western Hemisphere Travel Initiative for travel to and from Western Hemisphere countries. The e-cards are aimed at simplifying and speeding up the border-crossing process, providing U.S. Customs and border agents with information on the individual as he or she queues up to inspection booths at the border.