Virginia Tech’s Hokie Passport system is used extensively throughout the university for dining halls, library loans, building access, bus fare, and laundry. This system carries tremendous privacy risks as it has the potential of linking together a person’s movements.
Information on a Hokie Passport
Hokie Passports are printed with the following information:
- Full Name
- Date of Birth
- ID number in text and barcode form
Unintentional disclosure of this information is sufficient to have your identity stolen. For example, one can use this information to call 4Help and perform a password reset.
Hokie Passports previously used Social Security Numbers as unique IDs, until this practice was outlawed by legislation.
There does not appear to be any valid use case of the “date of birth” field, as Hokie Passport does not constitute a legal ID for alcohol or tobacco sales.
Types of Hokie Passports
The university has issued several different types of Hokie Passports in recent history:
- Dual magstripe: these are older and contain a second magnetic stripe below the primary one. This second magnetic stripe was used by printers in the library, but as the system has now been upgraded, these are no longer issued.
- Single magstripe: these contain a single magnetic stripe, but are otherwise nearly identical to the previous system. These were the primary IDs issued until 2016.
- Single magstripe with HID Prox: in addition to the single magnetic stripe, these Hokie Passports support an older 125 kHz HID Prox RFID system that is used for access to Durham Hall, Kelly Hall, Steger Hall, and some buildings in the CRC.
- Single magstripe with aptiQ: these have been issued since 2016 and contain a near-field communication (a type of RFID) chip in addition to the magnetic stripe.
The primary magnetic stripe on Hokie Passports contains a VT ID number, a lost card counter, and a site code for Virginia Tech. As with any magnetic stripe technology, this information is not protected and can be easily copied using commercially available equipment.
The new aptiQ Hokie Passports are compatible with the new AD-400 locks that are mentioned below. These cards have an integrated MIFARE DESFire EV1 near-field communication chip. Each chip has a unique ID number and runs an embedded Physical Access Control System app which stores two files. One of these files is unprotected and can be freely read. The second file requires an encryption key to read. Both files are protected with a master key which prevents write access.
Many Android phones have support for this NFC chip; the NXP TagInfo app can be used to read data from the chip on your ID card. The ID number and free-read file can be easily copied using commercially available equipment.
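The file protections described above correspond to DESFire per-file access rights: a 16-bit word of four key-number nibbles (read, write, read&write, change), where 0xE means free access and 0xF means denied. The following added example (not from the original page or from CBORD/Schlage) decodes such words so you can audit which files on your own card are readable without a key; the sample words are constructed to model the description above, and the assumption that key 0 is the master key and key 1 is the read key is hypothetical.

```python
"""Added example: decode DESFire EV1 file access rights to spot free-read files."""

FREE, DENY = 0xE, 0xF  # nibble values: no authentication needed / never allowed


def decode_access_rights(word):
    """Split the 16-bit access-rights word into its four key-number nibbles."""
    return {
        "read": (word >> 12) & 0xF,
        "write": (word >> 8) & 0xF,
        "read_write": (word >> 4) & 0xF,
        "change": word & 0xF,
    }


def effective(rights, op):
    """Effective policy for 'read' or 'write'.

    The read&write nibble grants access as well, so a file is free-read
    if EITHER the read nibble or the read&write nibble is 0xE.
    """
    pair = (rights[op], rights["read_write"])
    if FREE in pair:
        return "free"
    keys = sorted({n for n in pair if n != DENY})
    return "denied" if not keys else "key " + " or ".join(str(k) for k in keys)


def audit(files):
    """Return {file_no: (read policy, write policy)} for each access-rights word."""
    result = {}
    for file_no, word in files.items():
        rights = decode_access_rights(word)
        result[file_no] = (effective(rights, "read"), effective(rights, "write"))
    return result


# Constructed values (not read from a real card). Assumes key 0 is the
# application master key and key 1 is the read key for the protected file.
SAMPLE_FILES = {
    0: 0xE000,  # free read; write, read&write and change all need key 0
    1: 0x1000,  # read needs key 1; everything else needs key 0
    2: 0x10E0,  # pitfall: read nibble names key 1, but read&write is free
}

if __name__ == "__main__":
    for file_no, (rd, wr) in audit(SAMPLE_FILES).items():
        print(f"file {file_no}: read={rd}, write={wr}")
```

File 2 is not something the page describes; it is included to show why an audit has to check the read&write nibble and not only the read nibble.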
Backend and Logging
The Hokie Passport campus card system uses CBORD’s CS Gold. This system was originally developed by Diebold and was sold to CBORD in 2005; some of the older magnetic stripe readers around campus still have a Diebold logo. This system is designed and marketed primarily for use at academic institutions.
The CS Gold system logs every card swipe that it processes into a central database. These access logs are available to VTPD dispatchers through PD-PLUS (Police Department Personal Lookup System). On several occasions, monitoring of VTPD’s radio frequencies revealed that officers have the ability to get building card reader logs in almost real-time in order to prosecute students who are drunk in public. It is unknown if there is any oversight of the use of this system.
Dining hall transactions are recorded and available on my.vt.edu. Laundry, vending, and other Hokie Passport transactions can be viewed directly in the student-facing CS Gold interface, which can only be accessed over IPv4 from on campus.
There are other uses of Hokie Passport around campus that do not integrate with the CS Gold system. The most notable of these are the library and Blacksburg Transit, but some departments may also use their own standalone access control systems.
The library records a timestamp when a book is checked out, as reflected in Addison. It is unclear whether this information is purged when books are returned.
Blacksburg Transit uses Hokie Passports in lieu of fare. They do not log personally identifiable information but only the number of VT affiliates that ride a bus.
Residential Building and Room Access
In newly constructed dorms (as of Spring 2016), and soon in older dorms, Hokie Passports will serve as access to not just the building, but also to students' rooms, instead of physical keys. This system is used in combination with a digital PIN pad; physical change and master keys will still be produced, but not issued to most students. This means that the CS Gold system now has access logs that indicate when students are in their rooms; it is unknown what they do with this information, and they have not issued a public statement on this privacy risk.
Most students will be issued new aptiQ Hokie Passports for use with newly installed Schlage AD-400 locks. These locks are opened in the manner described in this video, produced by Housing and Residence Life. These locks have a sensor that detects whether the door is open or not, and they cannot be left unlocked.
Currently, there are 3 systems for dorm door locks in place:
- Magstripe and PIN
- aptiQ and PIN
- Brass Key
In terms of privacy, brass keys are the best solution because access cannot be logged. Due to deficiencies in the magnetic stripe system, magstripe and PIN poses security risks in addition to the privacy risks outlined above.
PINs are sent out in plain-text email to students, prior to move-in. This method of PIN distribution is insecure. Additionally, because students must be on campus to change their PIN, the best practice of changing the PIN as soon as possible becomes burdensome.
The following buildings are known to use aptiQ and PIN:
- Lee Hall
- Johnson Hall
- Barringer Hall
- Peddrew-Yates Hall
- Payne Hall
- New Residence East
- New Hall West
- Vawter Hall
- Main Eggleston Hall (under renovation)
- West Eggleston Hall (under renovation)
- Hillcrest Hall
- Harper Hall
- Miles Hall
- Campbell Hall (both wings)
- Slusher Hall
- Cochrane Hall
- Ambler-Johnson Hall (both wings)
- Pritchard Hall
The following buildings are known to use Magstripe and PIN:
- Pearson Hall
It is believed that no residential buildings still use brass keys.
Best Practice Recommendations
Keep your Hokie Passport in your wallet where it can’t be seen (i.e. not in the ID pouch).
Log on to my.vt.edu and disable the “Call 4Help” account recovery option. This will mitigate some social engineering attacks, as you will now need to appear in-person to reset your password rather than being able to do so over the phone.
Tailgate or get someone to let you into a space if you’d like to have some semblance of location privacy.
If you are a department looking for an access control solution, consider Simplex or keypad locks (changed regularly), or issue physical keys. As an added bonus, this does not carry the monthly fee that Hokie Passport Office charges.
At dining halls, if you pay with a Hokie Passport, take your receipts with you and shred them later as they contain part of your ID number.
When presenting an ID card to a Blacksburg Transit driver, cover everything but the photo.
Avoid carrying a balance on a Hokie Passport account.
Keep your Hokie Passport in an RFID-blocking pouch or wallet to prevent tracking by third parties or possibly even cloning of your Hokie Passport.
Change your personal PIN after it is issued.