6

The presentation slides by Bishop Fox at RFID Hacking - Live Free or RFID Hard - 01 Aug 2013 – Black Hat USA 2013 – Las Vegas, NV briefly describes a number of RFID hacking approaches, and ends with a picture and statement about the sleeves that are now distributed with United States Permanent Resident Cards ("Green Cards"):

USA - Green Card Sleeve
• Since May 11, 2010, new Green Cards contain an RFID chip
• Tested Carl’s “protective sleeve”, doesn’t block anything.
• False sense of security

But details are hard to come by.

Questions:

  • Does the official sleeve provide any protection? Has it been quantified?
  • What alternative protective shielding alternatives might work better?
  • Which RFID technology, protocol, etc is used by Green Cards?
  • What are the privacy and security risks of using Green Cards with or without the official sleeve, or others that might be recommended?
nealmcb
  • 20,783
  • 6
  • 72
  • 117
  • 1
    Before talking about the sleeves it would be nice to know what info the green cards broadcast over NFC and what authentication is required, if any. – André Borie Aug 06 '16 at 01:45
  • @AndréBorie Yes, good point. I meant for that to be part of the question. I tried to clarify it. – nealmcb Aug 08 '16 at 01:09
  • 1
    About which RFID (more specifically, NFC) protocol is used I'm confident it would be ISO14443, the same standard used for credit cards and passports. – André Borie Aug 08 '16 at 08:41

1 Answers1

1

For starters, it appears that Green Cards and passports from many countries use the ISO/IEC 14443 NFC protocol in some form. Wikipedia documents a number of common but optional protection mechanisms for Biometric passports, but notes attacks on them, e.g. allowing attackers to clone a passport by examining and scanning the unopened postal mail package in which it is delivered. See Radio-frequency identification

nealmcb
  • 20,783
  • 6
  • 72
  • 117