If you’ve gotten a new or replacement U.S. passport since August, 2007, you are in fact carrying an e-passport; your passport includes an RFID (Radio-Frequency Identification) chip which contains:

  • The same data visually displayed on the data page of the passport;
  • A biometric identifier in the form of a digital image of the passport photograph, which will facilitate the use of face recognition technology at ports-of-entry;
  • A unique chip identification number; and
  • A digital signature to protect the stored data from alteration

In order to confirm that your passport (whether U.S.-issued or not) is an e-passport, check to see if this symbol is on its cover:

This is how it appears on U.S. passports:

Is your personal data at risk?

Some feel that their personal information can be compromised as the result of the passport RFID chip being vulnerable to attack; this quote from the Washington Post is typical:

…but RFID chips don’t have to be plugged in to a reader to operate. Like the chips used for automatic toll collection on roads or automatic fare collection on subways, these chips operate via proximity. The risk to you is the possibility of surreptitious access: your passport information might be read without your knowledge or consent by a government trying to track your movements, a criminal trying to steal your identity or someone just curious about your citizenship.

In order to address these concerns, the U.S. government had the e-passports designed with a shielded cover, so that the data is only accessible when your passport is open. Here’s what the State Department says about e-passports’ vulnerability:

Will someone be able to read or access the information on the chip without my knowledge (also known as skimming or eavesdropping)?

We feel that it would be good to point out what we have done to diminish the known nefarious acts of “skimming” data from the chip, “eavesdropping” on communications between the chip and reader, “tracking” passport holders, and “cloning” the passport chip in order to facilitate identity theft crimes.

Skimming is the act of obtaining data from an unknowing end user who is not willingly submitting the sample at that time. Eavesdropping is the interception of information as it moves electronically between the chip and the chip reader.

“Skimming.” We use an embedded metallic element in our passports. One of the simplest measures for preventing unauthorized reading of e-passports is to add RF blocking material to the cover of an e-passport. Before such a passport can be read, it has to be physically opened. It is a simple and effective method for reducing the opportunity for unauthorized reading of the passport at times when the holder does not expect it. (Kevin: this is the government’s way of saying that they employ a shielded cover.)

“Skimming and Eavesdropping.” We have adopted Basic Access Control (BAC) to minimize the risk of “skimming” and “eavesdropping.” Basic Access Control requires that the initial interaction between the embedded microchip in the passport and the border control reader include protocols for setting up the secure communication channel. To ensure that only authorized RFID readers can read data, Basic Access Control stores a pair of secret cryptographic keys in the passport chip. When a reader attempts to scan the passport, it engages in a challenge-response protocol that proves knowledge of the pair of keys and derives a session key. If authentication is successful, the passport releases its data contents; otherwise, the reader is deemed unauthorized and the passport refuses read access. This control would require the receiving state to read the passport machine-readable zone (MRZ) to unlock and read the data on the chip. The MRZ information is used for computing the encryption and message authentication keys used for the “secure” exchange. BAC mollifies the possibility of both “skimming” and “eavesdropping.”

What’s interesting to note is the fact that if a passport’s RFID chip is somehow damaged, the passport is NOT considered invalid (again, this from the State Department’s website):

The chip in the passport is just one of the many security features of the new passport. If the chip fails, the passport remains a valid travel document until its expiration date. You will continue to be processed by the port-of-entry officer as if you had a passport without a chip.

The State Department has suggested that RFID readers have an operating range of only a few feet.  Unfortunately, that’s clearly not the case, as the following story demonstrates.

Are these fears groundless?

Consider this story, which was widely reported in 2009:

Climbing into his Volvo, outfitted with a Matrics antenna and a Motorola reader he’d bought on eBay for $190, Chris Paget cruised the streets of San Francisco with this objective: To read the identity cards of strangers, wirelessly, without ever leaving his car.

It took him 20 minutes to strike hacker’s gold.

Zipping past Fisherman’s Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians’ electronic U.S. passport cards embedded with radio frequency identification, or RFID, tags. Within an hour, he’d “skimmed” the identifiers of four more of the new, microchipped PASS cards from a distance of 20 feet.

Embedding identity documents — passports, drivers licenses, and the like — with RFID chips is a no-brainer to government officials. Increasingly, they are promoting it as a 21st century application of technology that will help speed border crossings, safeguard credentials against counterfeiters, and keep terrorists from sneaking into the country.

But Paget’s February experiment demonstrated something privacy advocates had feared for years: That RFID, coupled with other technologies, could make people trackable without their knowledge or consent.

If you’d like to see the video of Chris capturing data from passport cards, click here:  Cloning passport card RFIDs in bulk for less than $250; he captures RFID data by the 1:03 point in the video.

Note: Chris was scanning passport cards and electronic drivers licenses, NOT standard passports.  But a number of people have reported and demonstrated that a passport need only be open a fraction of an inch in order for the RFID chip to be read.

Where exactly is the RFID chip in a U.S. passport?

Despite Googling this subject and spending way too much time searching for a definitive answer, I’ve been unable to determine the chip’s exact location.  Having examined my wife’s and my passport carefully, I feel confident in stating that it certainly is NOT on any of the pages in the body of the document; it’s either in the back cover or the front cover.

I should mention that tampering with the RFID chip in your passport is indeed a crime in the U.S. There are numerous articles and posts regarding how to disable the chip, the most popular method involving a hammer. You could also microwave your passport for 5 seconds or so, melting the chip and antenna, but keep in mind that this will be rather obvious, as it’ll produce a small fire and charring. If you’re interested, such articles are easy to locate.

So: where does all this leave us?

  • It appears that the information stored on an e-passport’s chip is safe when the passport is closed
  • Having said that, if the passport book is open only a ½” or so, the data can apparently be accessed
  • If the RFID chip becomes damaged, your passport is still valid until its expiration date

If you want to opt for as much extra protection as possible, consider using something which completely blocks the RFID chip from being accessed or read. A simple solution is to wrap your passport in tin foil. A bit more sophisticated and durable approach is to purchase an RFID-blocking wallet or pouch.  Lined with a metallic fabric or material, these cases completely eliminate the possibility of your data being accessed. Of course you’ll still need to remove the passport when you reach Customs or Border Control checkpoints, but when you’re out and about, your data will be secure.

Tom Bihn offers an “RFID Blocking Passport Pouch” that’s available in 3 colors, and can be worn around your neck or waist, inside or outside your clothing.

Alternatively, you can detach the adjustable neck/waist strap and clip it to your bag with a Bihn (or other) key strap:

In the image above, you can glimpse the metalized fabric which enables the pouch to block access to the RFID chip, or other documents (electronic drivers licenses, etc.) which employ RFID technology.

The Bihn RFID-blocking passport pouch retails for $25; see it here: Tom Bihn RFID-blocking passport pouch

To visit the State Department’s site regarding RFID-equipped passports, click here:  The U.S. Electronic Passport FAQ

If you have strong thoughts about this technology being in our passports – or you know for sure where the RFID chip is located in U.S. passports (!) – please add to the conversation by commenting.

Similar Posts:

Share this article:

4 Comments on Keep your RFID passport data secure

  1. Adriano says:

    Kevin,

    AFAIK passport chip cloning is quite easy even for non-nerds. Moreover, the fact that the passport is valid even without chip seems to be applicable US passports but not to passports from other nations…

    “We recommend against folding or piercing in any way the passport cover, as this could damage the microchip inside it making the document unusable”

    From the Italian Police Website – original in Italian, my translation.

    So, think twice before hammering your precious document…

    [Reply]

  2. Alex says:

    Kevin – You’re confusing the Passport Card and the ePassport. Whilst it does appear that personal data can be read remotely from the Passport Card, the data from the ePassport cannot be read without the two lines of characters on the biographic page of the passport (i.e. physical access to the document), this is the BAC referred to in the article. In my opinion these passport blockers are preying upon a lack of understanding and some sensationalist reporting.

    As for ‘cloning’ the data on the chip can easily be copied to another chip (this is obvious as you need to be able to read the data), but then you just have a copy of a passport chip without a passport. You could even change some of the data before you put it on a new chip, then you’d have a chip, without a passport, that wouldn’t read as the digital certificates wouldn’t match. People have got plenty of media exposure creating test chips in exactly the way they were designed to be created, called it cloning and got lots of people worried. I have yet to see anyone posit an actual threat created by this approach let alone demonstrate an exploit.

    [Reply]

  3. Bill says:

    …and btw, these “rf wallets” light up airport metal detectors. Don’t try to go through them with one of these.

    [Reply]

  4. [...] 53 Read this > Biometric passport – Wikipedia, the free encyclopedia Passports to get RFID chip implants – CNET News Wired 15.01: START Keep your RFID passport data secure [...]

Leave a Reply