#1 (permalink)
03-16-2008, 07:46 AM
Ezra
Hello Philadelphia, Goodbye World

I need to renew my passport this month before I fly back to Philly. As you know US passports now have an RFID chip in them like the UK ones do. I knew they were insecure but I didn't know just how bad it was...

http://www.wired.com/science/discove.../2006/08/71521

Quote:
Two RFID researchers created a video showing how an RFID reader attached to an improvised explosive device could theoretically identify a U.S. citizen walking past the reader and set off a bomb. They haven't yet tested the theory on a real U.S. passport since the documents have yet to be distributed. The still here shows an attack using a prototype passport with RFID chip placed in the pocket of the victim. As the chip passes the reader, the reader detonates an explosive device placed in the trash can.
Quote:
LAS VEGAS -- A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.

The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery. But Lukas Grunwald, a security consultant with DN-Systems in Germany and an RFID expert, says the data in the chips is easy to copy.

http://tech.yahoo.com/blogs/null/6808

Quote:
U.S. Passport RFID Already Hacked

Well that didn't take long. It's been roughly a whole month since the U.S. has been issuing passports with RFID chips in them, and already they've been hacked. In theory, at least.

The hack was released late last week and is now making the rounds.

http://www.guardian.co.uk/technology...ws.homeaffairs

Quote:
First it is necessary to explain why the new passports were introduced, and how they work. After the 9/11 attack on the World Trade Centre, in which fake passports were used, the US decided it wanted foreign citizens who presented themselves at its borders to have more secure "machine-readable" identity documents. It told 27 countries that participated in a visa waiver programme that citizens with passports issued after the 26th of last month must have micro-chipped biometric passports or would have to apply for a US visa. Among those 27 countries are the major EU members, and other friendly nations ranging from Andorra and Iceland to Singapore, Japan and Brunei. The UK, of course, is also included.

By last month, Booth, Laurie and I each had access to a new biometric chipped passport and were ready to begin testing them. Laurie's first port of call was the ICAO's website, where the organisation had published specifications for the new travel documents. This is where he learned that the key to opening up the secure chip was contained in the passports themselves - passport number, date of birth and expiry date.

"I was amazed that they made it so easy," Laurie says. "The information contained in the chip is not encrypted, but to access it you have to start up an encrypted conversation between the reader and the RFID chip in the passport.

"The reader - I bought one for £250 - has to say hello to the chip and tell it that it is authorised to make contact. The key to that is in the date of birth, etc. Once they communicate, the conversation is encrypted, but I wrote some software in about 48 hours that made sense of it.

"The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat."

Within minutes of applying the three passports to the reader, the information from all of them has been copied and the holders' images appear on the screen of Laurie's laptop. The passports belong to Booth, and to Laurie's son, Max, and my partner, who have all given their permission.

Booth is staggered. He has undercut Laurie by finding an RFID reader for £174, which also works. "This is simply not supposed to happen," Booth says. "This could provide a bonanza for counterfeiters because drawing the information from the chip, complete with the digital signature it contains, could result in a passport being passed off as the real article. You could make a perfect clone of the passport."

http://www.engadget.com/2006/08/03/g...d-e-passports/

Quote:
Oh snap. First the Dutch get their RFID e-passport system cracked, then VeriChip gets its "counterfeit proof" RFID implant copied by a pair of hackers in front of a live audience, and now some hackers in Germany have undermined some of the security behind the electronic passports that the United States and other countries are planning to implement this month. Lukas Grunwald did the honors this time, and says it took him about two weeks to figure out the hack, with most of his time spent reading the publicly available e-passport standards on the International Civil Aviation Organization's official website. Since all countries will be adhering to the ICAO's standard, his hack should work on other passports as well. Grunwald demonstrated for Wired the whole process of cloning a passport, and even proceeded to copy the data to a corporate smartcard, which when slipped between the normal RFID chip and the reader allows him to have a physical passport that differs from his RFID passport. All is not lost however, since most countries plan to have physical inspections to make sure everything matches up, and information cannot currently be modified on the passport -- but the security failures so far sure don't inspire a lot of confidence.

Tags: e-passport, icao, passport, rfid
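The point made in the quoted Guardian piece, that the "secret key" is built from the passport number, date of birth and expiry date printed in the document, can be worked through in code. This is an added example, not part of the thread or of the quoted articles: it follows the Basic Access Control key derivation published in ICAO Doc 9303, uses the sample document values from that standard's worked example, and the population sizes passed to the entropy estimate are assumptions.

```python
import hashlib
import math

def check_digit(field: str) -> str:
    """ICAO 9303 check digit: weights 7,3,1; A-Z count as 10..35, '<' as 0."""
    def value(c: str) -> int:
        if c.isdigit():
            return int(c)
        return 0 if c == "<" else ord(c) - ord("A") + 10
    return str(sum(value(c) * (7, 3, 1)[i % 3] for i, c in enumerate(field)) % 10)

def odd_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so each byte has odd parity (DES key form)."""
    return bytes((b & 0xFE) | int(bin(b >> 1).count("1") % 2 == 0) for b in key)

def bac_keys(doc_number: str, birth: str, expiry: str) -> tuple:
    """Derive (K_enc, K_mac) from the three printed fields; dates are YYMMDD."""
    fields = (doc_number.ljust(9, "<"), birth, expiry)
    mrz_info = "".join(f + check_digit(f) for f in fields)
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

    def derive(counter: int) -> bytes:
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return odd_parity(digest[:16])

    return derive(1), derive(2)

def key_entropy_bits(doc_numbers: float, birth_days: int, expiry_days: int) -> float:
    """Upper bound on key entropy: log2 of the number of possible input triples."""
    return math.log2(doc_numbers * birth_days * expiry_days)

if __name__ == "__main__":
    # Sample values from the ICAO Doc 9303 worked example, not a real passport.
    k_enc, k_mac = bac_keys("L898902C", "690806", "940623")
    print("K_enc:", k_enc.hex().upper())
    print("K_mac:", k_mac.hex().upper())
    # Assumed populations: 9-digit numeric document number, holder born within
    # 100 years, passport valid for at most 10 years.
    bits = key_entropy_bits(10**9, 36525, 3652)
    print(f"input entropy <= {bits:.1f} bits; two-key 3DES nominal key: 112 bits")
```

Under those assumed populations the three printed fields supply at most about 57 bits, roughly half the nominal key length of the cipher they feed.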
#2 (permalink)
03-17-2008, 01:13 PM
ddelorenzo

http://www.thinkgeek.com/gadgets/security/8cdd/

They probably sell passport models too.

Advisable for anyone with one of those pay-pass type credit cards.

You can also disable the RFID chip with one of these, though I don't know if that invalidates the passport.

#3 (permalink)
03-17-2008, 01:16 PM
KENfmt

Quote:
Originally Posted by ddelorenzo
You can also disable the RFID chip with one of these, though I don't know if that invalidates the passport.

No, it doesn't.
__________________
Think of how stupid the average person is, and realize half of them are stupider than that. -George Carlin
All times are GMT -4.