E-passports or bombs?

28/08/2006 Written by Roberto Preatoni (SyS64738)

We knew about the holes in that technology standing behind  new e-passports, but nobody could expect that they could trigger a bomb.

This is the astonishing revelation by a team of experts working for a U.S. RFID firm. E- passports represent an important innovation that has been introduced to implement security in international displacements. But the technology which new documents are based on, seems to urge some more check.

We have  already written about the leaks of the RFID technology, as demonstrated during the HOPE conference , but the hypothesis presented by experts at Flexilis, a Los Angeles RFID Security firm, opens a new, frightening perspective: according to them the digital document could be used to set off a bomb.

The study that draw to this conclusion was presented during the BlackHat Security Conference in Las Vegas in July 2005 and was based on the question: “What if a terrorist were to develop a RFID-enabled land mine tuned to the frequency of an American passport when it came in proximity? Could it detonate an explosive?" 

The experiment was carried out by using a mock-up of the new passport, equipped with an RFID chip, in whose proximity was prepared  a small explosive charge.

The explosive could effectively set off  when the document came within a foot of it, if it was about half a inch open -as it might easily be in someone’s pocket- ,  as can be seen in the film recorded at Flexilis or read in the official press release .

 "The government has taken great steps in securing the passport, but our one fundamental concern is that the shielding technology is inadequate," says John Hering, director of Flexilis.

According to him, the problem is that the tag can be easily read, in spite of the metallic shielding in the passport. The risks connected to the break of the encryption protecting the RFID chip, could be avoided by wrapping the entire cover of the passport (not just one side) in a conductive material – be it solid or cover fiber- because this way it would be physically impossible to read the passport. 

The Manufacturer replied that the technology behind the chip is at the highest standards and that "Passport holders should exercise the same caution they do with current printed passports to protect personal information." 

That is as saying that.. if anything will happen it will depend on users’ carelessness.