
In order to increase the security of United States travel documents, the Government has developed a new 'electronic passport' system. The new passports, slated for deployment in October 2006, will contain RFID tags: chips that will wirelessly send passport and biometric information to an inquiring RFID reader. Through extensive research and real-world experimentation, Flexilis has discovered a significant issue in the State Department's proposed solution. This issue, if not immediately addressed, could put American passport holders at increased risk while traveling abroad for the ten-year lifetime of the passport deployment.

RFID e-Passport Vulnerability

Starting October 2006, new U.S. passports will contain RFID (Radio Frequency Identification) chips that hold an individual's picture and personal information. These chips can be “read” wirelessly from a distance of several feet. In order to prevent thieves from stealing sensitive personal data, the State Department has included several security measures in the proposed passport standard.

Reading a passport's RFID chip requires a password generated by scanning the machine-readable data on the inside front cover. Additionally, a small shield in the front cover is supposed to allow wireless passport reading only when the booklet is open.
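An added example, not code from Flexilis or the State Department: assuming the password mechanism described above is Basic Access Control as specified in ICAO Doc 9303, the Python below derives the chip access keys from three printed machine-readable fields, which is why a reader needs optical access to the data page before the chip releases personal data. The field values are the specimen from the ICAO worked example, and all function names are illustrative.

```python
import hashlib

# Constructed sample input: specimen values from the ICAO Doc 9303 worked
# example, not a real traveller's data.
DOC_NUMBER, BIRTH_DATE, EXPIRY_DATE = "L898902C<", "690806", "940623"


def check_digit(field: str) -> int:
    """MRZ check digit: weights 7,3,1 repeating; 0-9 as is, A-Z = 10-35, '<' = 0."""
    total = 0
    for i, ch in enumerate(field):
        if ch == "<":
            value = 0
        elif "0" <= ch <= "9":
            value = int(ch)
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        else:
            raise ValueError(f"character {ch!r} is not valid in an MRZ field")
        total += value * (7, 3, 1)[i % 3]
    return total % 10


def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Concatenate the three fields, each followed by its own check digit."""
    if len(doc_number) > 9 or len(birth) != 6 or len(expiry) != 6:
        raise ValueError("expected a document number of at most 9 chars and YYMMDD dates")
    doc_number = doc_number.ljust(9, "<")  # short numbers are padded with '<'
    return "".join(f + str(check_digit(f)) for f in (doc_number, birth, expiry))


def _odd_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so each byte has an odd number of 1 bits."""
    return bytes((b & 0xFE) | (0 if bin(b >> 1).count("1") % 2 else 1) for b in key)


def derive_access_keys(doc_number: str, birth: str, expiry: str):
    """Return (K_seed, K_enc, K_mac): the seed is the first 16 bytes of SHA-1(MRZ info)."""
    info = mrz_information(doc_number, birth, expiry).encode("ascii")
    seed = hashlib.sha1(info).digest()[:16]

    def kdf(counter: int) -> bytes:  # counter 1 = encryption key, 2 = MAC key
        return _odd_parity(hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()[:16])

    return seed, kdf(1), kdf(2)


if __name__ == "__main__":
    for name, key in zip(("K_seed", "K_enc", "K_mac"),
                         derive_access_keys(DOC_NUMBER, BIRTH_DATE, EXPIRY_DATE)):
        print(name, key.hex().upper())
```

The keys depend only on data printed inside the booklet, so they protect the chip's contents but play no part in whether the chip answers a reader at all.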

The current system prevents attackers from accessing the onboard RFID tag when a passport is fully closed; however, when in a pocket, purse, or briefcase, a passport has a very high probability of being slightly open. Our research has shown that, even when open only a fraction of an inch, the currently proposed passport will fail to prevent unwanted RFID communications.

Although the current shield is often ineffective, the chip's password prevents personal information from being unknowingly disclosed; however, the mere ability of an attacker to know that someone is carrying a passport (and where he or she is carrying it) is a dangerous security breach.

Additionally, it may be possible to determine the nationality of a passport holder by “fingerprinting” the characteristics inherent in each country's RFID chips. Taken to a logical extreme, this security vulnerability could make it possible for terrorists to craft explosives that detonate only when someone from the U.S. is nearby.

A better solution uses a dual cover shield and a specifically designed RFID tag assembly that shields the passport until it is significantly open, not just a fraction of an inch. Thus, even when your passport is slightly open in your pocket, purse, or briefcase, you are protected from malicious data theft and (in a pessimistic future) RFID-equipped terrorists.

Even though no personal information is disclosed by the failure of the current shielding system, such a breach of security has a real potential to get people hurt and, given the time remaining until implementation, a real potential to be corrected with a better solution.

For more information, click below:
RFID Passport Technical Analysis
RFID Passport Shield Failure Experimental Report
Video Security Brief