This gun hunts only RFID tags.[mnt], who brought us laser gesture control, built this RFID Zapper but included so much more. Any good weapon has to sound mean, a feat he’s accomplished by incorporating an MP3 player into the rifle. The coil that zaps the RFID tag is powered by a photo-flash unit, but for visual feedback he’s got a second unit that flashes light to signal the demise of your German passport (see the video after the break).
It’s hard to believe we haven’t covered RFID Zappers yet. The concept came out of the Chaos Communication Congress a few years back. This method works by sending a very strong electromagnetic field through the RFID tag that causes it to burn out. There’s a wiki post on RFID Zappers but Firefox threw a certificate warning when we loaded it up; read at your own risk.
When we first saw [Chris Paget]’s cloning video, our reaction was pretty ‘meh’. We’d seen RFID cloning before and the Mifare crack was probably the last time RFID was actually interesting. His ShmooCon presentation, embedded above, caught us completely off-guard. It’s very informative; we highly recommend it.
The hardest part about selling this talk is that it has to use two overloaded words: ‘RFID’ and ‘passport’. The Passport Card, which is part the the Western Hemisphere Travel Initiative (WHTI), is not like the passport book that you’re familiar with. It has the form factor of a driver’s license and can only be used for land and sea travel between the USA, Canada, the Caribbean region, Bermuda, and Mexico. They’ve only started issuing them this year.
The unique ID number on Passport Cards doesn’t divulge the owners private details, but it’s still unique to them. It can be used to track the owner and when combined with other details, like their RFID credit card, a profile of that person can be built. This is why the ACLU opposes Passport Cards in their current form. The US does provide a shielding sleeve for the card… of course it’s mailed to you with the card placed outside of the sleeve.
Technology exists to generate a random ID every time an RFID card is being read. The RFIDIOt tools were recently updated for RANDOM_UID support.
[THC/vonJeek] have released an application that allow you to backup and modify E-Passport data. Check out the video of Elvis checking in at the airport. Apparently there is no way for the machine to know if the passport has been tampered with.