Passport RFIDs cloned wholesale by $250 eBay auction spree

Video demo shows you how

Using inexpensive off-the-shelf components, an information security expert has built a mobile platform that can clone large numbers of the unique electronic identifiers used in US passport cards and next generation drivers licenses.

The $250 proof-of-concept device – which researcher Chris Paget built in his spare time – operates out of his vehicle and contains everything needed to sniff and then clone RFID, or radio frequency identification, tags. During a recent 20-minute drive in downtown San Francisco, it successfully copied the RFID tags of two passport cards without the knowledge of their owners.

Paget’s contraption builds off the work of researchers at RSA and the University of Washington, which last year found weaknesses in US passport cards and so-called EDLs, or enhanced drivers’ licenses. So far, about 750,000 people have applied for the passport cards, which are credit card-sized alternatives to passports for travel between the US and Mexico, Canada, the Caribbean, and Bermuda. EDLs are currently offered by Washington and New York states.

“It’s one thing to say that something can be done, it’s another thing completely to actually do it,” Paget said in explaining why he built the device. “It’s mainly to defeat the argument that you can’t do it in the real world, that there’s no real-world attack here, that it’s all theoretical.”

Read morePassport RFIDs cloned wholesale by $250 eBay auction spree

UK: Passports will be needed to buy mobile phones

Everyone who buys a mobile telephone will be forced to register their identity on a national database under government plans to extend massively the powers of state surveillance.

Phone buyers would have to present a passport or other official form of identification at the point of purchase. Privacy campaigners fear it marks the latest government move to create a surveillance society.

A compulsory national register for the owners of all 72m mobile phones in Britain would be part of a much bigger database to combat terrorism and crime. Whitehall officials have raised the idea of a register containing the names and addresses of everyone who buys a phone in recent talks with Vodafone and other telephone companies, insiders say.

The move is targeted at monitoring the owners of Britain’s estimated 40m prepaid mobile phones. They can be purchased with cash by customers who do not wish to give their names, addresses or credit card details.

The pay-as-you-go phones are popular with criminals and terrorists because their anonymity shields their activities from the authorities. But they are also used by thousands of law-abiding citizens who wish to communicate in private.

The move aims to close a loophole in plans being drawn up by GCHQ, the government’s eavesdropping centre in Cheltenham, to create a huge database to monitor and store the internet browsing habits, e-mail and telephone records of everyone in Britain.

The “Big Brother” database would have limited value to police and MI5 if it did not store details of the ownership of more than half the mobile phones in the country.

Read moreUK: Passports will be needed to buy mobile phones

Biometric passport chips can be cloned in an hour, researcher warns

Faked document with picture of Bin Laden fooled UN agency, newspaper reports


A British passport

New microchipped passports designed to protect against identity theft by terrorists and criminals can easily be faked, it was claimed today.

Tests showed that personal information could be cloned and manipulated within an hour before being inserted into new chips, the Times reported.

The paper said it had exposed “security flaws” in the passport system by asking a researcher to clone the chips on two British passports and implant digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by reader software used by the UN agency that sets the standards for such e-passports.

The tests showed that bogus biometrics could be inserted in fake or blank passports, the Times alleged, saying the flaws also undermined assertions that 3,000 blank passports stolen last week could not be forged.

Read moreBiometric passport chips can be cloned in an hour, researcher warns