University of Birmingham (UB) researchers have discovered a flaw in e-passports that makes them susceptible to identification. The defect is in the design of the radio-frequency identification tag used by e-passports. The discovery makes it possible to detect the passport of a particular person from a distance of a few meters.
An attacker can track the movements of a specific passport by replaying a particular message. The research has shown that there is a flaw that makes it possible to identify the movements of a particular passport without having break the passport's cryptographic key. E-passports have been issued to more than 30 million people.
An e-passport is the most recent generation of passport. It is an identification document combining a traditional passport with a RFID tag capable of performing cryptographic operations, storing biometric data and other personal information. All e-passports have RFID chips embedded into them – these carry personal information such as date of birth, passport number and a photograph, and they respond to any radio signal sent to them.
Cheap and easily available RFID tag readers can be used to send a signal to a passport. University of Birmingham computer scientists have shown that by replaying a particular message, the attacker can distinguish any passport from any other.
An attacker could identify a target by using the reader to send a signal to the target’s passport and then, for instance, build a device that could be left by a door to detect when the target entered or left the building.
Please refer here to read more details.