The problem with passports

For one thing, they are a PITA to get processed right now. Waiting 14+ weeks is crazy. But that is a different rant.

My problem is actually with the embedded RFID chip in the passports. The US government pushed ridiculously hard to get these chips embedded in passports worldwide, based on the (false) assumption that they would be more secure and more difficult to forge. They aren’t, but that’s not even the worst part. Because they are now computerized, they are vulnerable to attack. RFIDs have long been known to be susceptible to skimming, where the content of one chip is copied and loaded onto another chip. As an added bonus, it is possible to modify the data before loading it on to the new chip. So take a passport, read some data off of it, modify it and then walk up to a passport station and see what fun ensues.

In the case of this guy, it may result in a ICE official who is none too happy with you. See, it turns out that there are some known issues in the file format used to store the copy of your passport picture on the RFID chip, so a minor change can result in a buffer overflow on the reader – the type of thing that is known to crash computers and leave them vulnerable to attack. So far he’s successfully crashed two different brands of readers, and he didn’t really have to try too hard.

I wish I was in Vegas tomorrow to go hear him speak about this, but, alas, I must slave away instead to fund the next few vacations.

Oh, and I did make sure to renew my passport a little early last time around, just to make sure I didn’t get one of the fancy new ones with the RFID chip in it. I’d hate to have to buy a leaded leather wallet for it. Hopefully things will be better in 8 years when renewal time rolls around.

Never miss another post: Sign up for email alerts and get only the content you want direct to your inbox.

Seth Miller

I'm Seth, also known as the Wandering Aramean. I was bit by the travel bug 30 years ago and there's no sign of a cure. I fly ~200,000 miles annually; these are my stories. You can connect with me on Twitter, Facebook, and LinkedIn.