Fresh off the back of the Aussie passports being cloned last year by researchers standing in line to go through passport control with a pocket RFID reader, it would appear as though US researchers are now War Driving for electronic document data.
RFID, if you aren’t familiar, was originally a technology designed to manage items moving along conveyors and electronically routing them to their correct destination. Every time you check in your bag at the airport the system looks at yours out of thousands of bags and routes it towards your airplane. It’s also in those little purple stickers in your books at Borders that trigger the alarm unless they are deactivated (ie you’ve stolen the book).
Getting more technical, an RFID tag is literally a small, passive chip that broadcasts the message it is encoded with whenever a radio wave is passed over it. It doesn’t do it until the right frequency radio signal is applied but when it happens, the chip shouts “HI I’M HERE THIS IS WHAT I’VE GOT TO SAY:…”.
Imagine that chip is shouting all of your personal details like name, age, date and place of birth, ID number on your passport and unique identifying code for the passport system… Your passport or driver’s licence has now just shouted out (completely unencrypted) all the details required to clone your identity to anyone that chooses to listen.
Like the guy standing in the queue behind you, or in front of you, or potentially the low paid cleaner wandering past mopping the floor with a reader in their pocket.
The US are currently trialling e-Passports, as are Australia and many other nations and they are now used extensively in the EU. In many countries, new Drivers Licences are using them too.
In the context of an airport, security can be tightened to ensure there are blockers or jammers in place for unofficial readers, so that’s mostly okay.
The problem is that you can’t turn the RFID tag off. Whenever it is presented with an appropriate radio beam it will start shouting it’s details, again and again and again - as many times as you fancy beaming it. All without a battery, and all without your intervention or knowledge because of the RFID magic that powers the response message by sucking it from the inbound radio wave.
As shown on this post today (watch the video). You can see that just by driving around down town San Francisco they manage to pick up people’s details and clone them without the user’s knowledge. Just by having the document in their pocket (think how often your driver’s licence is in your pocket or handbag).
Once cloned, it doesn’t take much to start getting more info about a person and then from there full scale identity theft can take place.
Given the amount of money invested in this technology by various governments and the perceived added security it creates, there’s no stopping the trend now. If you do have an RFID enabled licence or passport you should shield it using a magnet in your wallet (and wipe your ATM cards) or put it in a metal-lined case or sleeve. These are low tech for the moment but expect sleeves to start coming out to protect your documents from drive by cloners soon.