Mobile RFID Scanning


[Chris Paget] is going to be presenting at ShmooCon 2009 in Washington D.C. this week. He gave a preview of his RFID talk to The Register. The video above demos reading and logging unique IDs of random tags and Passport Cards while cruising around San Francisco. He’s using a Symbol XR400 RFID reader and a Motorola AN400 patch antenna mounted inside of his car. This is industrial gear usually used to track the movement of packages or livestock. It’s a generation newer than what Flexilis used to set their distance reading records in 2005.

The unique ID number on Passport Cards doesn’t divulge the owners private details, but it’s still unique to them. It can be used to track the owner and when combined with other details, like their RFID credit card, a profile of that person can be built. This is why the ACLU opposes Passport Cards in their current form. The US does provide a shielding sleeve for the card… of course it’s mailed to you with the card placed outside of the sleeve.

Technology exists to generate a random ID every time an RFID card is being read. The RFIDIOt tools were recently updated for RANDOM_UID support.

[Thanks Zort]

18 thoughts on “Mobile RFID Scanning

  1. The actual RFID of American passports is generated randomly, it would seem there is a unique and non-changing ID somewhere lower in the protocol, but the basic ‘ID’ he seems to be reading changes every time you read the badge (or from what I’ve read it acts this way, much info on google).

  2. Apparently these aren’t even passports, they are some kind of limited ‘passport cards’ issued to people who live on the borders with Mexico or Canada. They don’t contain any personal information. Each EPC tag has a baked-in unique serial number, yeah, but who cares. We all carry mobile phones!

    If you want to feel watched, come live in the UK, where things like this exist:

  3. My understanding is a static bag will provide enough shielding to stop most rfid signals from emanating. (i keep my toll road pass in a static bag in my glove box after reading something about them being cloneable) Is this true?

  4. “I never post, but this made me lol
    of course it’s mailed to you with the card placed outside of the sleeve.”

    btw, something is wrong with this post window, using a foriegn keyboard makes me unable to type in “@” including the “‘s (had to copy paste from notepad)

  5. Besides the fact that he has steam installed,……

    This is a sweet hack, I wish I had the cash to play with the reader.

    The closest I was able to come was to get a parrallax module and a free wired arduino into some poster board that I printed a generic security poster warning users that their tags could be “sniffed” and to keep their badges in their pockets at all times to avoid pictures being taken and a duplicate badge made.

    I placed it above the reader and was able to get a few tags. It was quite ironic, unfortunately the lithium cell I used was only able to power it for a few hours, it would be nice to have it passively powered off of the reader itself though.

    Did anyone go to ebay to go grab one for $250 like I did?, they are going for $999 and up now. Ill wait for them to come down in price.

  6. Wait, in america they actually mail passports? WTF.
    Unlike america if I want a passport I have to goto town hall in person, seems a bit frivolous to go all insane with RFID and security as they do and at the same time mail passport cards to people.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.