War Cloning: Homeland Security's Passport Cards Can Be Cloned with $250 Worth of Equipment
You know those new Homeland Security Issued "Passport Cards? Those wallet sized ones that allow American's to travel too and from Mexico and Canada? Well if an Islamic terrorist had $250 bucks, he could drive by your house at 30 mph (or within 2 miles of it) clone it, and use your passport card to travel to and from Mexico and Canada under the guise of being you. Oh, cloning your driver's license is just as easy.
The reason I'm bringing you this story is to provide an example of what hackers are capable of. So let's all wave our contactless cards and NFC enabled phones when they become widely available because they're safe and secure and convenient, (personally, I'm not buyin' it)
What's more disturbing about this story is the fact that it creates a scenario whereby Homeland Security is actually potentially providing the instrument of mass destruction. WarCloning is indeed the right word for this type of hack, as this story suggests the following hypothetical.
You know those new Homeland Security Issued "Passport Cards? Those wallet sized ones that allow American's to travel too and from Mexico and Canada? Well if an Islamic terrorist had $250 bucks, he could drive by your house at 30 mph (or within 2 miles of it) clone it, and use your passport card to travel to and from Mexico and Canada under the guise of being you. Oh, cloning your driver's license is just as easy.
The reason I'm bringing you this story is to provide an example of what hackers are capable of. So let's all wave our contactless cards and NFC enabled phones when they become widely available because they're safe and secure and convenient, (personally, I'm not buyin' it)
What's more disturbing about this story is the fact that it creates a scenario whereby Homeland Security is actually potentially providing the instrument of mass destruction. WarCloning is indeed the right word for this type of hack, as this story suggests the following hypothetical.
After a devastating attack on a major US city, it could be proven that on such and such a day, at such and such a time, you entered the US from Mexico, (your cloned DL and Passport card provide the evidence) and that two days later you purchased 250 pounds of fertilizer (your cloned debit card transaction record provides that proof) went on to rent an industrial van, (proven by your cloned credit card transaction) drove to a specific location, and then...we'll you get the morbidity of my point. You may or may not have alibi's to disprove the "evidence" but even if you did, the investigation was thrown enough off track to allow the true culprit to enter Canada via another passport card, and hop on a plane with a ticket bought online with yet another cloned card and fly to a cave in Pakistan to join his bin-buddies whom we (in fairness, it's only Bin nearly a decade) can't seem to find. Nice job Homeland Security.I've included a video of the act of cloning these cards. Amazing. This was dark reading indeed. Here's the YouTube Video, followed by the excerpts of the story.
Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses
Researcher demonstrates the ease of scanning and cloning new Homeland Security-issued IDs
With a $250 used RFID scanner he purchased on eBay and a low-profile antenna tucked away in his car, a security researcher recently cruised the streets along Fisherman's Wharf in San Francisco, where he captured -- and cloned -- a half-dozen electronic passports within an hour.
Chris Paget, who will demonstrate the privacy risks with these IDs at the Shmoocon hacker confab later this week in Washington, D.C., coined this newest RFID attack "war cloning" given its similarity to war-driving, or wireless sniffing. "War cloning -- it's the new hacker sport," he says.
The security weaknesses of the EPC Gen 2 RFID tags, which lack encryption and true authentication, have been well-known and of concern to privacy advocates for some time. These tags are being used in the new wallet-sized passport cards that the U.S. Department of Homeland Security offers under the new Western Hemisphere Travel Initiative for travel to and from Western Hemisphere countries. The e-cards are aimed at simplifying and speeding up the border-crossing process, providing U.S. Customs and border agents with information on the individual as he or she queues up to inspection booths at the border.
Until now, security researchers for the most part have shied way from hacking away at the new e-passports and e-driver's licenses to illustrate the potential privacy problems because the necessary scanners are expensive -- nearly $3,000 new -- and tough to get. "I found a way to procure equipment on the cheap and repair it and make it do exactly what I wanted it to do," Paget says. (Editor's Note: That's great news, security researchers can't afford equipment, but fraudsters are "well-funded.")
Unlike previous RFID hacks that have been conducted within inches of the targeted ID, Paget's hack can scan RFID tags from 20 feet away. "This is a vicinity versus proximity read," he says. "The passport card is a real radio broadcast, so there's no real limit to the read range. It's conceivable that these things can be tracked from 100 meters -- a couple of miles."
Paget says he was able to drive his car at 30 miles per hour and capture an RFID tag in a matter of seconds. "The software for [copying them] lets you just choose the tag you want to copy, wave a blank tag in front of it, and it writes it out," he says.
Read Full Article at Dark Reading