Hokie Passports

Virginia Tech’s Hokie Passport system is used extensively throughout the university for dining halls, library loans, building access, bus fare, and laundry. This system carries tremendous privacy risks because it can link together a person’s movements.

Information on a Hokie Passport

Hokie Passports are printed with the following information:

Unintentional disclosure of this information is sufficient to have your identity stolen. For example, one can use this information to call 4Help and perform a password reset.

Hokie Passports previously used Social Security Numbers as unique IDs, until the practice was outlawed by legislation.

There does not appear to be any valid use case of the “date of birth” field, as Hokie Passport does not constitute a legal ID for alcohol or tobacco sales.

Types of Hokie Passports

The university has issued several different types of Hokie Passports in recent history:

Magnetic Stripe

The primary magnetic stripe on Hokie Passports contains a VT ID number, a lost card counter, and a site code for Virginia Tech. As with any magnetic stripe technology, this information is not protected and can be easily copied using commercially available equipment.

aptiQ

The new aptiQ Hokie Passports are compatible with the new AD-400 locks that are mentioned below. These cards have an integrated MIFARE DESFire EV1 near-field communication chip. Each chip has a unique ID number and runs an embedded Physical Access Control System app which stores two files. One of these files is unprotected and can be freely read. The second file requires an encryption key to read. Both files are protected with a master key which prevents write access.

Many Android phones have support for this NFC chip; the NXP TagInfo app can be used to read data from the chip on your ID card. The ID number and free-read file can be easily copied using commercially available equipment.

Backend and Logging

The Hokie Passport campus card system uses CBORD’s CS Gold. This system was originally developed by Diebold and was sold to CBORD in 2005; some of the older magnetic stripe readers around campus still have a Diebold logo. This system is designed and marketed primarily for use at academic institutions.

The CS Gold system logs every card swipe that it processes into a central database. VTPD dispatchers can retrieve access logs through PD-PLUS (Police Department Personal Lookup System). On several occasions, monitoring of VTPD’s radio frequencies revealed that officers have the ability to get building card reader logs in almost real time in order to prosecute students drunk in public. It is unknown whether there is any oversight of the use of this system.

Dining hall transactions are recorded and available on my.vt.edu. Laundry, vending, and other Hokie Passport transactions can be viewed directly in the student-facing CS Gold interface, which can only be accessed over IPv4 from on campus.

Other Uses

There are other uses of Hokie Passport around campus that do not integrate with the CS Gold system. The most notable of these are the library and Blacksburg Transit, but some departments may also use their own standalone access control systems.

The library records a timestamp when a book is checked out, as reflected in Addison. It is unclear whether this information is purged when books are returned.

Blacksburg Transit uses Hokie Passports in lieu of fare. They do not log personally identifiable information but only the number of VT affiliates that ride a bus.

Residential Building and Room Access

In newly constructed dorms (as of Spring 2016), and soon in older dorms, Hokie Passports will serve as access to not just the building, but also to students’ rooms, instead of physical keys. This system is used in combination with a digital PIN pad; physical change and master keys will still be produced, but not issued to most students. This means that the CS Gold system now has access logs that indicate when students are in their rooms; it is unknown what they do with this information, and they have not issued a public statement on this privacy risk.

Most students will be issued new aptiQ Hokie Passports for use with newly installed Schlage AD-400 locks. These locks are opened in the manner described in this video, produced by Housing and Residence Life. These locks have a sensor that detects whether the door is open or not, and they cannot be left unlocked.

[Images: PIN pad of new lock system; room-side of new lock system; sensor for door state]

Currently, there are 3 systems for dorm door locks in place:

In terms of privacy, brass keys are the best solution because access cannot be logged. Due to deficiencies in the magnetic stripe system, magstripe and PIN pose security risks in addition to the privacy risks outlined above.

PINs are sent out in plain-text email to students, prior to move-in. This method of PIN distribution is insecure. Additionally, because students must be on campus to change their PIN, the best practice of changing the PIN as soon as possible becomes burdensome.

The following buildings are known to use aptiQ and PIN:

The following buildings are known to use Magstripe and PIN:

It is believed that no residential buildings still use brass keys.

Best Practice Recommendations

  1. Keep your Hokie Passport in your wallet where it can’t be seen (i.e. not in the ID pouch).

  2. Log on to my.vt.edu and disable the “Call 4Help” account recovery option. This will mitigate some social engineering attacks, as you will now need to appear in-person to reset your password rather than being able to do so over the phone.

  3. Tailgate or get someone to let you in to a space if you’d like to have some semblance of location privacy.

  4. If you are a department looking for an access control solution, consider Simplex or keypad locks (changed regularly), or issue physical keys. As an added bonus, this does not carry the monthly fee that Hokie Passport Office charges.

  5. At dining halls, if you pay with a Hokie Passport, take your receipts with you and shred them later as they contain part of your ID number.

  6. When presenting an ID card to a Blacksburg Transit driver, cover everything but the photo.

  7. Avoid carrying a balance on a Hokie Passport account.

  8. Keep your Hokie Passport in an RFID-blocking pouch or wallet to prevent tracking by third parties or possibly even cloning of your Hokie Passport.

  9. Change your personal PIN after it is issued.
