Posted on 08/14/2006 1:47:58 AM PDT by Banjoguy
News that attendees at a U.S. hacking conference have seen a demonstration of how to clone a digital passport has raised fresh concerns about the security of proposed new forms of ID and travel documents in the U.K.
A security researcher called Lukas Grunwald showed attendees at the Black Hat convention in Las Vegas how to clone passports, using a German passport for his demonstration. However, standardization across ePassports means the exploit would work on any other passport that uses RFID chip technology to store details of the individual--such as those now being issued in the U.K. or U.S. The demonstrated attack was carried out using freely available technology.
According to security guru Bruce Schneier, Grunwald's job was made all the more easy by the publication of standards for ePassports on the Web site of the International Civil Aviation Organization.
Simon Perry, vice president of security strategy at CA and a member of the European Network and Information Security Agency, said that if people can crack the security on bank cards then it was inevitable, in time, they would find a way to do the same with passports.
The biggest problem, Schneier wrote on his blog, is that passports will have a shelf-life of 10 years, during which time the technology will not only become antiquated but will almost inevitably be overtaken in sophistication by the methods for cracking it.
Schneier wrote: "A passport has a 10-year lifetime. It's sheer folly to believe the passport security won't be hacked in that time."
The U.K. is currently in the process of rolling out ePassports that store biometric data about the holder on a chip.
Because CA's Perry said RFID chips can increasingly be read surreptitiously, often from distances far greater than the six inches which designers originally claimed, he suggested the security conscious might like to consider investing in a metal cigarette or cigar case large enough to hold their passport.
Will Sturgeon reports for Silicon.com in London.
Hmmm... Liberal answer would be to outlaw travel. It'll save the environment.
Of course, they'll still have private jets for visiting their ski lodges in the Alps.
I knew this would happen ,,, too many satellite hackers with time on their hands with the P5 and the Nagra2 cards in place...
Having been heavily involved in electronic technology, and in particular the engineering side of it, since the late '70's I've come to the conclusion that nothing is hack proof. If a human makes it, another human can break it.
BUMP!
This is stupid. Seems to me like the good old paper passport is far safer than any of these new fangled gizmos, which someone sitting in the cafeteria across the street can read without you ever knowing about it!
..you might be on to something. Although paper can be counterfeited more easily. I think a standard metal protective cover for these electronic cards may help.
This is the biggest problem with these new passports IMO. For some reason Fedgov is totally enamored with the idea of being able to remotely identify American passport holders. Of course, the fact that terrorists will have the same capabilities doesn't bother Fedgov one little bit.
I can understand them wanting to implement the ability to read passports electronically. This could have just as easily been implemented in a way that requires physical contact with the passport, rather than RFID chips. Sometimes I think you have to cache your brain in some kind of trust or something when you accept work for Fedgov. Other times, I think they have an evil agenda. Either way, it sucks.
No kidding. The passports would have been just fine with some sort of smartcard/chip. At least then, the passport holder would add a level of trust when it comes to letting someone read their passport.
Ya. At least you know if it has left your posession. All bets are off on that if someone else has physical access to your passport though. Even with a chip that needs physical contact, if you have to surrender it to someone for whatever reason, a nefarious person could take that opportunity to clone it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.