Researchers at the University of Washington are pointing to potential problems with new RFID-enabled identification cards issued by the U.S. and the state of Washington. Vulnerabilities in the RFID tags embedded in the U.S. Passport Cards and Washington’s enhanced driver’s license (EDL) could leave the cards open to snooping or copying by hackers, according to a report issued Thursday.
According to the report, the risk to individual passengers is low, but the problems create systemic weaknesses in the border-crossing system. Among the risks the researchers point to are the possibility that the tags could be cloned to produce false IDs, which could become more of an issue since the IDs only need to be scanned, not handled by border security. Hackers could also cause the tags to self-destruct. And while the cards do not contain personal information, a long-distance scan of the cards could enable criminals to track individuals without their knowledge.
Tadayoshi Kohno, an assistant professor of computer science and engineering at the University of Washington and one of the authors of the report, emphasizes that these security holes should not cause a panic. Additional security measures already in place at the border can reduce the risks of exposure to hacking, and the security of the RFID tags used in the cards can be increased through pin codes and other devices. The researchers have offered recommendations to U.S. and Washington authorities.
The passport cards and the EDLs were both introduced earlier this year to enhance security at land and water border crossings. The cards can not be used in air travel.