An Israeli scientist has revealed security holes in America's passports and "smart cards."
Since 2007, every new U.S. passport comprises a computer chip. Embedded in the back cover of the passport, the "e-passport" contains biometric data, electronic fingerprints and pictures of the holder, and a wireless radio frequency identification (RFID) transmitter. While the system was designed to operate at close range, hackers were able to access it from afar.
But a study by Prof. Avishai Wool of Tel Aviv University's School of Electrical Engineering ensured that the computer chip in American e-passports could be read only when the passport is opened. The research has been cited by organizations including the Electronic Frontier Foundation, says an Asian News International
Now, research from Prof. Wool finds serious security drawbacks in similar chips that are being embedded in credit, debit and "smart" cards, the report says. The vulnerabilities of this electronic approach - and the vulnerability of the private information contained in the chips - are becoming more acute.
Using devices constructed from 20dollar disposable cameras and copper cooking-gas pipes, Prof. Wool and his students Yossi Oren and Dvir Schirman have shown how the cards' radio frequency (RF) signals can be disrupted, says the report. Replacing the camera's bulb with an RFID antenna, he showed how the EMP (electro-magnetic pulse) signal produced by the camera could destroy the data on nearby RFID chips such as ballots, credit cards or passports. Another attack involves jamming the radio frequencies that read the card.
Although the card's transmissions are designed to be read by antennae no more than two feet distant, Prof. Wool and his students demonstrated how the transmissions can be jammed by a battery-powered transmitter 20 yards away. This means that an attacker can disable an entire voting station from across the street. Similarly, a terror group could "jam" passport systems at U.S. border controls relatively easily, the report says.
Prof. Wool's work will be presented at the IEEE RFID conference in Orlando, Fla. this month.