E-passports or bombs?

28/08/2006 Written by Roberto Preatoni (SyS64738)

We knew about the holes in that tech­nol­ogy stand­ing behind new e-​passports, but nobody could expect that they could trig­ger a bomb.

This is the aston­ish­ing rev­e­la­tion by a team of experts work­ing for a U.S. RFID firm. E– pass­ports rep­re­sent an impor­tant inno­va­tion that has been intro­duced to imple­ment secu­rity in inter­na­tional dis­place­ments. But the tech­nol­ogy which new doc­u­ments are based on, seems to urge some more check.

We have already writ­ten about the leaks of the RFID tech­nol­ogy, as demon­strated dur­ing the HOPE con­fer­ence , but the hypoth­e­sis pre­sented by experts at Flex­ilis, a Los Ange­les RFID Secu­rity firm, opens a new, fright­en­ing per­spec­tive: accord­ing to them the dig­i­tal doc­u­ment could be used to set off a bomb.

The study that draw to this con­clu­sion was pre­sented dur­ing the Black­Hat Secu­rity Con­fer­ence in Las Vegas in July 2005 and was based on the ques­tion: “What if a ter­ror­ist were to develop a RFID-​enabled land mine tuned to the fre­quency of an Amer­i­can pass­port when it came in prox­im­ity? Could it det­o­nate an explosive?” 

The exper­i­ment was car­ried out by using a mock-​up of the new pass­port, equipped with an RFID chip, in whose prox­im­ity was pre­pared a small explo­sive charge.

The explo­sive could effec­tively set off when the doc­u­ment came within a foot of it, if it was about half a inch open –as it might eas­ily be in someone’s pocket– , as can be seen in the film recorded at Flex­ilis or read in the offi­cial press release .

“The gov­ern­ment has taken great steps in secur­ing the pass­port, but our one fun­da­men­tal con­cern is that the shield­ing tech­nol­ogy is inad­e­quate,” says John Her­ing, direc­tor of Flexilis.

Accord­ing to him, the prob­lem is that the tag can be eas­ily read, in spite of the metal­lic shield­ing in the passport. The risks con­nected to the break of the encryp­tion pro­tect­ing the RFID chip, could be avoided by wrap­ping the entire cover of the pass­port (not just one side) in a con­duc­tive mate­r­ial – be it solid or cover fiber– because this way it would be phys­i­cally impos­si­ble to read the passport. 

The Man­u­fac­turer replied that the tech­nol­ogy behind the chip is at the high­est stan­dards and that “Pass­port hold­ers should exer­cise the same cau­tion they do with cur­rent printed pass­ports to pro­tect per­sonal information.” 

That is as say­ing that.. if any­thing will hap­pen it will depend on users’ carelessness.