Wardriving RFID passports?

Wardriving is the game to wander in a location and build the cartography of the wireless networks. Of course, the most interesting ones are the ones which are not protected or WEP protected (The equivalent of not being protected. It is too easy to break WEP).

Chris Paget, a well known white hacker who plays with RFID, has demonstrated a new type of wardriving: collecting information from the new US passport or driving license using RFID. In a video, he shows how he retrieved data needed to clone these cards.

In US passport and RFID, I presented the risks associated to these new cards. Paget shows how to do it with not much cost. The range of reading depends on the emitting power of the antenna. Even without cloning, with this type of attack, it would be possible to spot a person, once you sniffed his/her RFID identification code.

It should be noted that this type of RFID is not the one used in the e-passport (the booklet passport). The e-passport is more secure.

Nevertheless, it is worrying to see administrations deploying such weak systems.

Leave a Reply

Your email address will not be published. Required fields are marked *