Researchers today demonstrated new hacking tools that allow easy and
fast cloning of RFID chips, including those used in new UK biometric
passports.
RFID passports are easily cloned, and in spite of security advances, it
remains possible to 'spoof' many nations' new biometric passports,
according to security researchers.
Adam Laurie, director, the
Bunker, said: "The concept is that all the biometric files on the
passport chips are digitally signed, so cannot be tampered with.
However, the problem is that the digital certificate that proves this
is also stored on the passport, so all an attacker has to do is write
their own certificate. The defence to this was for governments to set
up a directory to verify the real certificates. However, only 15 out of
around 55 countries now issuing the passports have signed up to the
directory launched last year, leaving huge numbers of passports
unverifiable."
Laurie demonstrated his open-source RFIDiot
tools to delegates, first wiping data from a building access card, then
reprogramming it as a cloned animal ID chip. He explained that there
are at least two chips designed to be flexible in their deployment,
allowing the same hardware to be used in a variety of different
applications. This means that they can be reconfigured, reprogrammed
and used as clones by a hacker.
"I find the human implantation
of RFID chips especially worrying. It's not difficult to reprogram
other chips to fool the readers", he continued.
The discoveries
follow a series of exploits to clone RFID tags, and rising concerns
among privacy advocates and security experts. A recent research paper
from Lausitz University of Applied Sciences, Germany and Radboud
University, The Netherlands, found that remotely detecting the presence
of a passport and determining its nationality was relatively easy, due
to the differences between each country's implementation of the
international standards.
"Although all passports implement the
same international standard, experiments with passports from ten
different countries show that characteristics of each implementation
provide a fingerprint that is unique to passports of a particular
country," stated the researchers.