Blackhat 2006: Explosive risks in RFID-enabled passports?

Las Vegas (NV) - Security experts speaking today at Blackhat 2006 warned about potential vulnerabilities in RFID-enabled passports. Criminals can identify very specific passports from several meters away - which creates a whole new threat: Security firm Flexilis claims that terrorists could build explosives that would detonate in the proximity of certain passports.

The U.S. Government is currently testing RFID-enabled passports and plans on releasing the passports late this month. Traditional passports are visually examined and swiped into a reader, but the new passports can be scanned virtually automatically - people will only have to open their passport. Government officials hope that RFID chips will not only accelerate passport checks, but also increase security by having information on potentially wanted criminals readily available.

Security concerns have been voiced ever since the idea of RFID passports surfaced. Typically, government officials explain that such passports are scan-safe wire or foil mesh inside the cover protects the RFID chip from being scanned by unauthorized devices.

The problem, according to Flexilis, is that the shielding does not fully protect passport against remote scans. Kevin Mahaffey from Flexilis says a medium powered scanner could detect a partially opened passport from four to six inches away. The theoretical maximum detection range is more than 10 feet, but Mahaffey said that would require a "huge amount of power."

But could criminals actually get any useful information from scanning a passport? Mahaffey says personal information such as name, social security number and address will be encrypted on these passports, but adds that the real attack may come from just seeing if a person has a passport. "Identity theft is not an issue with these passports it's the ability for someone to determine if you have a passport or not," said Mahaffey.

The Flexilis team said that it looked into the potential implications of the issue and researched, whether it is possible that the simple proximity of RFID passports could activate a bomb or other malicious devices. The group placed an RFID passport on a mannequin and swung it close to a specially prepared trashcan. The trashcan held a RFID scanner and a few model rocket engines. The scanner was tuned to first detect passport RFID signals and then fire the rocket engines at the victim.

Passport equipped dummy getting roasted by rocket engines

A video shown by Flexilis at Blackhat shows the mannequin being pushed towards the trashcan and then being roasted and blasted away by the engine. Hering told TG Daily that a more determined criminal could explode a bomb. Mahaffey stressed that even though the nationality information is currently encrypted, someone may eventually break it and build a bomb that will explode when a specific country's passport passes close by.

The State Department is set to issue the RFID-enabled passports this month. Hering says that people concerned about getting the passports could protect themselves by placing the passports in a shielded bag, but added that the ultimate responsibility lies in our government to use the highest security for the passport.

TG Daily chats with Flexilis about passport RFID vulnerabilities:
TG Daily gets the inside scoop about RFID-enabled passport vulnerabilities. James Burgess, John Hering and Kevin Mahaffey from Flexilis talk about how the passports can be scanned remotely and criminals could eventually make a bomb to target American passport holders.

Download the audio chat here. Running Time: 24 Mins 26 Seconds - 18.7 MB

More Blackhat 2006 articles:
Las Vegas braces for computer security gurus

How are we doing? Take part in our TG Daily reader survey!