Hackers Kristin Paget, right, and Marc Rogers adjust an antenna while testing radio frequency identification signal range in Hickman, Calif., on Sunday, June 6, 2021. Paget first warned publicly about the vulnerabilities of RFID in 2010, during a presentation at the annual DEF CON hacker convention. (AP Photo/Noah Berger)

 

Determined to keep track of their guns, some U.S. military units have turned to a technology that could let enemies detect troops on the battlefield, The Associated Press has found.

The rollout on Army and Air Force bases continues even though the Department of Defense itself describes putting the technology in firearms as a “significant” security risk.

The Marines have rejected radio frequency identification technology in weapons for that very reason, and the Navy said this week that it was halting its own dalliance.

RFID, as the technology is known, is infused throughout daily civilian life. Thin RFID tags help drivers zip through toll booths, hospitals locate tools and supermarkets track their stock. Tags are in some identity documents, airline baggage tags and even amusement park wristbands.

When embedded in military guns, tags can trim hours off time-intensive tasks, such as weapon counts and distribution. Outside the armory, however, the same silent, invisible signals that help automate inventory checks could become an unwanted tracking beacon.

The AP scrutinized how the U.S. armed services use technology to keep closer control of their firearms as part of an investigation into stolen and missing military guns — some of which have been used in street violence.

The examination included new field tests that showed even low-tech enemies could identify U.S. troops at distances far greater than what contractors who install RFID systems say.

Which is why a spokesman for the Department of Defense said its policymakers oppose embedding tags in firearms except in limited, very specific cases, such as guns that are used only at a firing range — not in combat or to guard bases.

“It would pose a significant operations security risk in the field, allowing an adversary to easily identify DOD personnel operating locations and potentially even their identity,” Pentagon spokesman Lt. Col. Uriah Orland told AP.

Spokespeople at the headquarters of the Air Force and Army said they did not know how many units have converted their armories.

AP found five Air Force bases that have operated at least one RFID armory, and one more that plans a retrofit.

A Florida-based Army Green Berets unit, the 7th Special Forces Group, confirmed it uses the technology in “a few” arms rooms. Special forces soldiers can take tagged weapons into the field, said Maj. Dan Lessard, a special forces spokesman. A separate pilot project at Fort Bragg, the sprawling Army base in North Carolina, was suspended due to COVID-19.

The Navy told AP one armory on a base up the coast from Los Angeles was using RFID for inventory. Then this week, after extended questioning, spokesman Lt. Lewis Aldridge abruptly said that the technology “didn’t meet operational requirements” and wouldn’t be used across the service.

With unit commanders looking to bolster armory security, defense contractors have offered a familiar technology — one with origins in the development of radar during World War II.

In the U.S. military, RFID use grew in the 1990s, after the first Gulf War showed a need to untangle vast supply chains of shipping containers. Its use has migrated to weapons management in more recent years. Government armories in Nigeria, Saudi Arabia and elsewhere have been outfitted.

Conversions cost thousands of dollars, and sometimes more. Convenience is a big selling point. Instead of hand-recording firearm serial numbers on paper or scanning barcodes one-by-one like a cashier, an armorer can read tags in multiple firearms with the wave of a handheld reader — and without having to see each weapon. The tags tucked inside don’t even need batteries.

Contractors that retrofit armories say tags can be read only within a limited range, typically a few dozen feet or less. But in field testing for AP, two prominent cybersecurity experts showed that a tag inside a rifle can be detected from significantly farther, using inexpensive components that fit in a backpack.

Because the hackers were following federal regulations that limit the power of radio signals, their RFID reader system lost the tag at 210 feet (64 meters). Enemies who would not feel so restricted could detect tags miles away, said Kristin Paget, the “Hacker Princess” who has worked at tech titans including Apple and Tesla.

The RFID system Paget and her hacking partner Marc Rogers cobbled together cost about $500. They said a tinkerer with YouTube access could learn the needed skills.

Executives at two companies that have installed RFID armories at Air Force bases said they had never heard of a 210-foot reading.

One said he didn’t believe it. Eric Collins, the CEO of Trackable Solutions, said he’d heard concerns about troop tracking for years, but insisted it wasn’t a problem because — even with a stronger power source — no reader could find a tag more than several dozen feet away.

RFID in weapons poses “absolutely no risk at all,” Collins said. He called the Pentagon’s security concerns invalid: “The leadership needs their staff to give them better guidance.”

But a top weapons expert from the Marine Corps said he witnessed how tags can be read from afar during training exercises in the Southern California desert in December 2018.

“RFID tags on tanks, weapons, magazines, you can ping them and find the disposition of where units are,” said Wesley Turner, who was a Marine chief warrant officer 5 when he spoke in a spring interview. “If I can ping it, I can find it and I can shoot you.”

The Corps has decided not to tag guns because doing so would boost troops’ digital signature on the battlefield, “increasing the security/force protection risks,” according to spokesman Capt. Andrew Wood.

In written statements, spokespeople for the Air Force and Army said unit commanders can add RFID systems as a further layer of accountability, but no service-wide requirement is planned.

Policy experts within the Office of the Secretary of Defense appeared unaware that the services have been tagging firearms.

Asked why its branches can field a technology that Pentagon planners consider so risky, Defense Department spokesman Orland first said that the services told the Pentagon they are not tagging guns due to security concerns.

Informed that AP found units which acknowledge using the technology, the Pentagon revised its statement and said it allows service branches to explore innovative solutions. The Defense Department “tries to balance pre-emptive prohibitions due to current security risks with flexibility to adopt new technologies when they mature and those risks decrease,” Orland said.

___

LaPorta reported from Hickman, California, Pritchard reported from Los Angeles, and Hall reported from Nashville, Tennessee. Also contributing were Serginho Roosblad in San Francisco and Martha Mendoza in Santa Cruz, California.

___

Contact LaPorta at https://twitter.com/jimlaporta; contact Pritchard at https://twitter.com/JPritchardAP; contact Hall at https://twitter.com/kmhall.

___

Email AP’s Global Investigations Team at investigative@ap.org or https://www.ap.org/tips/. See other work at https://www.apnews.com/hub/ap-investigations.