back to article Defects in e-passports allow real-time tracking

Computer scientists in Britain have uncovered weaknesses in electronic passports issued by the US, UK, and some 50 other countries that allow attackers to trace the movements of individuals as they enter or exit buildings. The so-called traceability attack is the only exploit of an e-passport that allows attackers to remotely …


This topic is closed for new posts.
  1. Christoph

    What more can they do?

    Can someone still use a 'legitimate reader' that they've stolen, to read any passing cards and get this code?

    It is possible to identify the nationality of issue of the document? And so build for instance a nationality specific bomb?

  2. Charles King

    Kiddie-fiddlers in e-passport security alert

    You didn't mention that the paper points out how the authentication system employs nonces. Obviously the entire system has been infiltrated by Pedos.

  3. Ben winnipeg
    Jobs Horns

    dont be surprised

    in 10 years we will have them implanted in our bodies...

  4. Anonymous Coward

    How could people not see this sort of attack?

    How could people not see this? I cannot believe this stuff would not have been pointed out when RFID technology was suggested? What possible benefit would you get from RFID that you would not get, with greater security, from a smart/oyster card insert/tap system.

    Now, where did those plans for my start-up selling tin foil lined passport holders?

    1. AnotherWeasel

      Faraday Passport Holders, eh?

      Your joke startup has already been going for a few years:

      The real joke? I bought one for research purposes. They're quite smart and attract glances from all the ladies in horn-rimmed glasses. Additional room inside for a few RFID enabled Oyster cards and the number of the beast. I'm going to play around with it over the next few weeks and see how well it shields the passport, the Oyster cards etc.

      Here's a crazy thought: how about including a momentary touch switch in the RFID passports which requires the individual reading the card to hold it down, to complete the circuit to the antenna, so that it responds to the card reader? No operator, no response. Oh wait, no. That's sensible.

  5. Anonymous Coward
    Black Helicopters

    RFID's can be read up to 70 ft away at 70 MPH

    Here in NY State, the Dept of Transportation instituted it's own little privacy violation by installing long range RFID readers to pick up "Easy Pass" (Powered RFID) toll billing info even when there is no toll to pay. The readers are located under bridges and on poles, usually on the passing lane side of the highway. What they are used for is a true mystery as the state will not give a straight answer.

    I am willing to bet that when your car is in the toll booth lane, the 4 ft square high power reader could certainly read your passport chip if there was clear line of sight.

    When you see the people manning the toll booth, you'd know those are the last folks you would want having your personal passport details.

    In fact, one of the local toll booth attendants was just arrested for stalking someone promoting the permanent removal of the toll booths.

    Anyone with a little knowledge could scan your passport if they got close enough and the whole thing could fit in a countertop or briefcase.

    The question is, can they actually read the data? You know there would be a compromise between how well the data is encrypted and the length of time it would take to decrypt so the TSA (Transportation Stupidity Agency) would have to wait too long for display. Their "screeners" might lose "focus" if it took too long.

    Tin foil wallets for everyone please!

    1. Anonymous Coward

      Do they need to decrypt it? It is still a single ID

      I don't think they even need to decrypt it as it will identify YOU. Your passport has a unique RFID number. 'They' just need to match you to your RFID somewhere - say you pay at that toll booth with your credit card, they now have matched your name to the RFID tag. Like lists of credit cards on-line there will be lists of RFID to name matches on-line for sale.

      So without ever cracking the RFID encryption anyone with a scanner will be able to tell when you walk pass their scanner.

      Damn - someone has taken my tin-foil passport holder already :-(

    2. IR

      Big conspiratorial mystery = solved.

      They are for tracking trucks to make sure they aren't going on certain roads with a heavy load or bypassing weigh stations. Big conspiratorial mystery = solved.

  6. Fuzz

    Don't get the point in RFID passports

    I have one, I recently travelled with a friend who doesn't.

    At border control we went to separate desks and handed over our passports. My friends passport was swiped through a machine which reads the text at the bottom of the page, this takes less than a second.

    My passport was held up against the RFID reader which seems to take anything up to 10 seconds.

    1. Gareth Gouldstone

      Slow processing

      This was my experience too. Not only did I have to remove the passport from it's holder, but it had to be held (picture page) face down on a glass scanner plate. It then took at least 15 seconds for a reaction from the system. This is either really stupidly designed booths/processes, or the software is very slow to get a match.

  7. Mike 140
    Big Brother

    Colour me ...

    ... unsurprised.

  8. Mike O'Brien

    Crisp packets are essential

    Oh, just shove your passport inside a packet of crisps and be done with it all. Preferably eat the crisps first.

    And Fuzz, RFID readers are faster than barcode or optical scanners, assuming they're the technologies you refer to. Could be crap software in the middle though, or the back-office servers. Or the comms load. Oh, I could go on.

    1. Anonymous Coward

      That's the idea, but whoops

      The point of having a human look at a passport isn't just to verify the picture, but also to look whether the bloody thing isn't forged. In that respect an OCR system (``reading the lines at the bottom'') with an attendandt looking on is far superior to a noisy RFID system.

      There are ``trials'' going on with computer vision and whatnot where your face is electronically matched with whatever the system is fed over RFID. You could almost put your picture on an oyster card and pass those systems to board an aeroplane. No human to check whether that was actually a valid government-issued passport. That the government can lose sight of something so simple I find eerily telling.

      Of course, we all already know that to bomb your pants on an aeroplane you don't even need a passport. You only have to be slightly nutty and have someone looking more respectable than you do tell the goons you're ok and let you pass. They will, no sweat. Those electronics will too, so that's alright then. Carry on government.

  9. Kevin McMurtrie Silver badge


    It doesn't make sense why there isn't a hinged metal plate over the antenna. It doesn't need to be thick, it doesn't need electrical contact with anything, and it doesn't need software support. Regardless of how secure you think a protocol is, it's common security sense to not let people play with it when they don't need to.

  10. Eddy Ito


    Are the passports still valid if the RFID doesn't work? If so is there any way to whack these things with a sufficiently large or proper frequency pulse to fry them? I took great pleasure in building a home-made degausser for correcting the magnetic strip on my drivers license and I'd like to know what I need to make in order to fix the new one when it comes due and the passport I'm currently waiting for. Hmm... I wonder if 30 seconds in the microwave will do.

    1. Chris Miller
      Thumb Down

      No degausser necessary

      If it's anything the like the magnetic strip on British rail tickets, placing it in your pocket next to a mobile phone for 30 seconds should do the trick.

      1. Graham Wilson

        Do not rely on this working - see my other posting

        Do not rely on this method to working, in fact it should not - see my other posting.

        To 'kill' RFIDs you either:

        1. have to zap them with sufficient energy (microwaves etc.), or,

        2. Adequately shield them from detection using RF/EMR shielding.

    2. MinionZero
      Big Brother

      @"is there any way to whack these things" ... and range of reading...

      I'm wondering if simply placing it in a Microwave oven for 10 seconds is enough to fry it without it looking like its fried (so no visible burn marks). Either that or a high voltage blast from an old CRT monitor/TV static discharging into it is likely to do the job. There's a number of ways to generate high enough voltages with static (with enough current) to blast the thing.

      That said, sadly with so many easy ways to fry it, I can't think the control freaks who want everyone to be their exploitable minions will accept fried cards.

      By the way, here's a company thats marketing a way to read passive RFID cards at 30 feet range. (With the active RFID cards 30 feet has been easy to achieve, but this shows it can also be done with passive RFID as well).

      Ultimately the only reason to put wireless readability on a card is that the control freaks in power want wireless card readers. Sadly I wish the only question then was at what range do they wish to read the cards wirelessly, but what we keep seeing with the control freaks, is that as soon as any new technology gives them another ability, they cannot resist exploiting it. So even if it wasn't their initial intention to read the cards over longer distances, they will still want to exploit every new ability technology gives them. :(

      1. Graham Wilson


        Left over electrostatic charges from CRTs etc. may not do it. (I've failed to kill circuit boards this way but if you didn't want a static failure it probably would fail).

        The only truly effective way is using a microwave oven, here you have access to 700plus Watts of microwave energy. Nevertheless, even this can be a tricky process.

    3. Graham Wilson

      IMPORTANT: Microwave Zapping Rules.

      Don't leave it in the Microwave too long or the damage will be obvious. Too long and you'll not only have killed the electronics but the μWave will heat up plastics, paper--just about everything if the energy is concentrated enough.


      1. μWave cookers of the ~700W variety take a finite time to get going--when switched on they sound as if they're working but they're not. It takes a few seconds for the filament in the magnetron to heat up (the filament emits electrons when hot). This is important for if this 'dead zone' time is added to the real zapping time it's possible you will overestimate the zapping time if you need to add a 'bit more' zap on the second time around.

      For example, if the machine takes 3 seconds dead zone time and only 1 second zapping time you may think the zapping operations is 4 seconds when it in fact 1. If you double this false zapping time to 8 seconds you are in fact applying 5 times as much μW (1+4) and that'll be too much.

      2. To well and truly fuck-up integrated circuits etc. you only need a second or two of μW at 700 watts. (But you do need to calibrate the effect with a similar sample beforehand--too much μW and the IC centres start popping out and things begin to smoke--you never need to go this far. Besides, going too far and it's bloody obvious to everyone you're the Smart Alec who made the mess.

      3. Applying too much μW can be as little as 3 seconds zapping time (depending on what it is).

      4. To test the dead zone time of an empty microwave place an old standard CD (commercial type with 'silvered' mirrored surface) onto the rotating platter and switch on. Start stopwatch simultaneously and watch for the moment the flashes start (as microwaves disintegrate the surface) then immediately stop the watch. Read off the dead zone time in seconds

      5. Typical zapping time = dead zone time + 1 or 2 seconds.

      6. Putting non-standard stuff in a μW can be dangerous (some things when heated produce lots of vapour and the object might shatter). As with anything that's heated sufficiently, combustion fumes will be given off and stink out the μW

      7. WARNING! You may suffer considerable damage to your person when the head of the kitchen throws a rolling pin at you for having stunk out the μW.

      8. Putting Government property into a μW is most likely unlawful. I'm not recommending that you break the law--check with your lawyer first.

      9. Some things can be resilient. You must check RFIDs after zapping to ensure they're actually dead.

      10. DO NOT DO THIS unless you are a professional nerd, techie experienced in such matters, or experienced pyromaniac. If you're not careful it's possible that you could have both the head of the kitchen and The State after your nuts. Not a bright idea!

      11. There are similar examples of μW zapping on YouTube.

      P.S. For the less adventurous. Wrap RFID devices in suitably shielded materials when you carry them around. The minimal amount of RF/EMR shielding should be determined empirically by checking it with an RFID reader (note not all RFID readers will be the same--some will be more sensitive than others). Shielding materials typically are metal boxes, metal foil, metal gauze etc. If you consider that protecting your ID is important then make sure that you fully test any RF/EMR screening system that you employ before you put it into service.

  11. david wilson

    Wondering about the implications.

    Seems like this might make it slightly easier than previously to check the movements of people who *don't* carry a mobile phone, but who *do* habitually carry a passport around with them

    Well, that only rules me out of worrying about it on two counts, and most other people on at least one count.

    And it only requires placing hardware at any place you want to know someone has passed.

    If you wanted to automatically tell, for example, when someone was entering or leaving their hotel, would you need to place multiple machines per entrance to tell whether someone was coming or going?

    Otherwise, if I walked towards the door and changed my mind, then actually left half an hour later, someone might think I was coming back in.

    Unless the watchers have someone watching the machine to note which direction the target is walking, which *somewhat* seems to defeat the object of automating the business.

    1. Anonymous Coward
      Anonymous Coward

      Doesn't matter, in terms of privacy

      Knowing which direction you passed the door isn't the bit that damages your privacy; just that you've been in that location (or in the same location near enough the same time as someone who they're specifically watching, if it's not the location itself that they're suspicious about).

      Which reminds me of one of the stories about the Cynic philospher Diogenes: when someone criticized him on seeing him leaving a brothel, he replied that it would have been better to criticize him on the way in!

      1. david wilson


        >>"Knowing which direction you passed the door isn't the bit that damages your privacy; just that you've been in that location (or in the same location near enough the same time as someone who they're specifically watching, if it's not the location itself that they're suspicious about)."

        This seems basically a cased of anyone not planning on doing anything that anyone else would be interested in (which is the great majority) being entirely unaffected, and anyone else having a cheap and simple way of defeating the possible surveillance method.

        The only people left exposed would seem to be people who carry a passport (but no mobile) *and* who don't suspect that anyone might find their movements interesting.

        Doesn't seem like a very large group of people.

        (Also, If someone's worrying about Global State Surveillance, then the ability to capture details at a border on a one-at-a-time basis and/or get information from card error messages, etc is irrelevant, since the One World Government would have issued someone their passport in the first place, as well as having details of their mobile phone, etc)

  12. ThreadGuy

    Holy passports!

    "People will continue to poke holes in e-passports"

    Sounds like the best countermeasure to me. Or at least a surreptitious slice with an exacto knife.

  13. James Taylor 3

    Unique ID

    As "Single ID" AC mentioned at 00:02, there might not be a need to decrypt the passport as long as it returns a unique ID.

    RFID passports (and possibly contactless credit cards) might be useful as tracking devices -- think DoubleClick or Google, but in real life.

    A shop might want to observe customer shopping habits. Which sales attract the most first-time customers? How long does the average customer remain in the store (difference between entrance scan and exit scan)?

    An advertiser might like to know which stores, movies, sporting events, or travel destinations a passerby frequents.

    A sports venue might want to alert security if a Known Troublemaker walks through the gate.

    Less savory uses are left as an exercise for the reader.

  14. Winkypop Silver badge

    Tin-foil plot

    No gubberments want you to travel.

    That's why travel these days is such a hassel.

    Stay at home; work, consume, pay tax, breed, die...

    1. Wommit
      Paris Hilton


      Winkypop you put the wrong icon on your post.

      That's all true so no joke.

      Next time the one you're looking for is sixth from the left on the middle row.

  15. Wind Farmer

    Can the RFID (antenna) be fried?

    Thinking back to anti-shoplifting devices that are embedded in (or glued onto) items, often they are deactivated by placing them within a strong electro-magnetic field, which I understand damages the antenna coil by producing so much heat it melts. Is this an option to deactivate the RFID and leave an unsmart passport?

    1. The BigYin

      Nice as that may be...

      ...but deliberately hobbling the RFID chip will be taken as a sign that you have something to hide and lead to the police giving you a full cavity search in public (or whatever it is RIPA lets them away with).

      There's been too many stories of people not co-operating 100% and immediately with any inane plod request and then getting in deep-kaka because of that.

      You will obey the law.

      You will obey the police.

      You will obey the machine.

      Labour has spoken - you have no choice.

  16. jake Silver badge

    But they said ...

    This is not possible! Did they LIE to us? ::wrings hands in dismay::

    Back to reality ... Gee. Whoodathunkit ... Vote, people. It's the only way out ...

    1. Anonymous Coward
      Big Brother

      Vote for who?

      Politicians: they're all just as bad as each other. It's becoming a case of "same shit different spokesperson". I'm thinking it has gone beyond the point where mere voting will help much.

      If more people voted it would be a start. If more who do vote got themselves informed and didn't just auto-vote for "their" party, or expanded their participation in the democratic process beyond the few minutes they spend voting every few years, it might, just maybe, remind the fuckers just who they're supposed to serve. That's the only way out short of a coup.

  17. Mr Chris

    An even worse threat

    Frighteningly, there is an even more prolific scanning apparatus that can be used to track when a given target you already had to have identified enters or leaves a building - it's called the eyeball.

    Honestly, I thought this was going to be something *actually* scary, akin to real time GPS location.

    Least scary sploit ever, chaps.

  18. Anonymous Coward
    Anonymous Coward

    In other news

    Ursine defecation spotted in forests, Pope is really Catholic.

    FFS, this is and has always been bleeding obvious.

    Even before these things were available in the UK I was explaining to colleagues why RFID passports and ID cards were a bad idea and how easy it is to track people using them.

    All that's needed is a few readers at pedestrian entrances to shopping centres, train stations etc. and coupled with the CCTV networks out there you've got a massive tracking and surveillance system.

    I might be paranoid but it doesn't mean I'm wrong.

    1. david wilson

      @AC 11:02

      >>"Even before these things were available in the UK I was explaining to colleagues why RFID passports and ID cards were a bad idea and how easy it is to track people using them."

      Lucky colleagues you have.

      Did any of them actually *care*?

      Presumably, none of the ones who are reasonably bright and who also carry mobiles, or use an Oyster card (or similar) or buy train tickets (or go shopping) with credit/debit cards were particularly concerned, even if they might have humoured you.

      And why would a Big Brother give a flying duck *who* went to a shopping centre?

      Have they become great centres of suburban subversion, but no-one told me?

      And if I were you, I'd be very careful.

      You *do* know that 'they' are particularly interested in people posting anonymously on the internet, don't you?

      And that The Register is actually a Great Big Honey Trap?

  19. smudge

    @Fuzz - RFIDs taking up to 10 seconds

    I worked on a project where we had one of the passport readers used currently at UK passport control.

    Our informal testing showed that UK passports did take about the time you mentioned from insertion into the reader to display of details. This was about 50% longer than a passport from a mainland European country, which suggested to us that the UK Government had been saving money by buying slower RFID chips.

    1. Anonymous Coward
      Anonymous Coward

      not being funny but...

      Have you not noticed that there are now handy buttons called "Reply to this post" under each post?

      Or are you just refusing to use them? or what?

      Just askin...

      1. smudge


        hadn't noticed

  20. John Smith 19 Gold badge

    The merkin sensitive IED is closer than you think

    Figured this was a *possiblitiy* years ago. For extra flexibility package the "Merkin detector" as a seperate unit. Hey presto the terrorist group of your choice gains the ability to inflict maximum damage on the people it dislikes the most.

    For extra benefits inclued other nationalitiy options (UK? French? Pakistani?) and a "multiple" option to only go off when there's more than one signal. Good plastique is expensive.

    Mine's the one with the passport in the faraday cage wallet in the side pocket.

  21. Ian Ferguson

    Not just passports

    Surely this isn't a "weakness in passports", it's an inherent property of RFID tags. You might as well point out that anybody out shopping can be tracked in and out of shops by reading the RFID tags from their shopping bags.

    This would only be a concern if any personal information could be tracked at the same time; obviously the data is encrypted, but I wonder if different countries use different encryption algorithms? If there is a noticable difference in the data read from different makes of passport (data size, encryption fingerprints, any other tag-specific info), it would potentially be possible to track how many visitors with RFID passports you are getting from each country.

  22. Dr Patrick J R Harkin

    This is scarcely "news"

    As soon as someone said "The passport has an RFID tag", this article could have been written.

    Surely if you actually want to track someone (someone who you can get within 20 inches to read their tag in the first place) it'dd be far easier to plant your own RFID tag rather than rely on them carrying their passport.

    1. BristolBachelor Gold badge

      Using RFID signatures from passports / creditcards / oyster

      Dr Patrick J R Harkin said:

      "it'dd be far easier to plant your own RFID tag rather than rely on them carrying their passport."

      That may be true, but using their passports / credit cards / drivers license, etc., you can track them for years before you know who they are. You can then check through all your old data now knowing who they are.

      Or you can correlate when a known card enters / leaves an area with other information of when somoene is there. Eventually you will know who they are because they are the only person there everytime Mr. X buys something on his credit card.

      1. david wilson


        >>"Or you can correlate when a known card enters / leaves an area with other information of when somoene is there. Eventually you will know who they are because they are the only person there everytime Mr. X buys something on his credit card."

        But if you were Big Brother, you'd already *know* who they were.

        You'd have been the one who gave them the passport/ID card and then hoped they carried it unshielded to somewhere they were doing something 'undesirable'

  23. Paul 4

    Proof of concept

    Fine as a proof of concept, but realy, what is the worry for those of us who think a tinfoil hat is nothing more than a cheep way to finish off a fancy dress outfit?

    Realy, how many people carry a passport around with them? The passport office says you should not. And out of those people how many don't have a mobile? And from that fraction, how many don't have another RFID chip on them, such as a work door pass or a bus pass?

    I don't see what all the paranoia is about. There are much better things to worry about.

  24. Anonymous Coward
    Anonymous Coward


    Hammer time.

    Problem solved.

  25. Anonymous Coward
    Anonymous Coward


    It's not an attack it's a filth desired feature.

  26. Keith T

    This is a good example of why RFID passports are a good idea

    You can shield them, you can give them off-on switches.

    With other passports you can just watch the person or use electronic surveillance. So this vulnerability introduces nothing new.

    A passport is not some invisibility shield no matter what "security researcher" geeks might think.

    What these passports are supposed to do is reduce the chances foreign intelligence agencies can forge our passports.

    If they do that, they are worth it.

  27. Mike Bell
    Big Brother


    That's a feature, surely!

  28. Jacqui Smith's DVD Collection!

    Yes... And?

    Why cant we have foil in the covers to shield the chip when the passport isn't open?

  29. The BigYin
    Big Brother

    Farady wallet

    Or Farady pockets?

    Whilst I can accept that in certain place it should be a requirement to identify oneself, I object strongly to be identified and tracked against my will, and especially in a public place without my consent and without probable cause.

    Still, there is little sense in going to great lengths to protect your identity like that and then using a credit or debit card. They can just track you that way.

    Tin foil hat, please.

    1. Anonymous Coward
      Anonymous Coward

      Full of paranoid planks...

      "I object strongly to be identified and tracked against my will, and especially in a public place without my consent and without probable cause."

      You honestly think you're that important...?

      1. markp 1
        Big Brother

        why do you assume they aren't?

        Also, it's called solidarity. We all make the stand together, and those of us who may be influential in keeping us free in the future, and whose influence may depend on not having their whereabouts and business continually tracked (yay communist russia - so hard to make and distribute your anti-oppression samizdats when every decent typewriter, printing press and mode of rapid transport is very very tightly controlled) then get the opportunity to work their magic.

        The "bad" people get an easier ride too, or at least the stupid ones who haven't figured out workarounds or got bent contacts who can give them false RFID passports, but on the whole the corrupt ones have a better chance of getting into positions of power anyway. So I think it would more go the way of the (subjectively, mind) "good".

        1. david wilson

          @markp 1

          >>"We all make the stand together, and those of us who may be influential in keeping us free in the future, [...] then get the opportunity to work their magic."

          Well, if our future freedom relies on people who haven't got the wit to use a simple workaround, I guess we're already screwed.

          Also, if we got to the point where everyone was required to carry a unshielded RFID chip at all times *and* that was heavily enforced (like anyone passing a checkpoint without generating the appropriate signal being arrested), that would suggest that the people 'keeping us free in the future' would already have failed

  30. Anonymous Coward
    Anonymous Coward

    get one of these

  31. Anonymous Coward

    If only they could...

    Incorporate some kind of device into the passports to turn the RFID "On and Off", perhaps a cardboard slider with contacts on that the owner can move to complete the circuit. It could be slid to the "on" position when the passport is needed to be readable via RFID and slid to the "off" position when the passport does not need to be read.

    Such a device would allow the owner to switch between the on and off modes.

    This device could be called an "On and Off Switch"


    1. markp 1

      Genius, but it misses a key point of the article

      The "rogue" readers could simply be placed *near* the legit ones - upto about half a metre, which isn't much, but it does give you some latitude in hiding it. So when you turn it on - or remove it from the faraday pouch - for the bored customs official to blip it against his security system's reader pad, the intruder can also piggyback on or even intercept that signal, and do more besides during the few seconds your passport is in range. That's all it needs...

      Secure documents with radio tranceivers in are just so prone to unintentional leakage of a type that was fairly easy to avoid just by keeping the cover closed, or the doc in a closed briefcase. Such a dumb idea. I wonder what Oyster (Cocaine, National Security Citizen Tracking Lunacy)-addled tool came up with it?

  32. David Benoit


    "It could be slid to the "on" position when the passport is needed to be readable via RFID and slid to the "off" position when the passport does not need to be read."


    the passport could, I dunno, be slid through a device that reads the information from it directly. Oh wait, that's what we had/have!


    Defects in e-passports

    "...unless the holder shields the government-mandated identity document in a special pouch." Will this also work when walking oout of a store with stolen merchandise protected with RFID?

This topic is closed for new posts.

Other stories you might like