Slashdot Log In
Chipped Passport Cloned In Minutes
Posted by
samzenpus
on Thu Aug 07, 2008 06:57 AM
from the unsafe-at-any-customs-counter dept.
from the unsafe-at-any-customs-counter dept.
Death Metal Maniac writes "New microchip passports designed to be foolproof against identity theft failed the test when a researcher was able to manipulate one in minutes. The cloned passports were accepted as genuine by the computer software recommended for use at international airports. According to the article: 'A computer researcher cloned the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports.'"
Related Stories
[+]
Interpol Pushing World Facial Recognition Database 171 comments
The Register is reporting that according to some reports, Interpol will soon be pushing for a world-wide facial recognition database at the borders of all member nations. "The UK already has airport gates equipped with such technology, intended to remove the need for a human border guard to check that a passenger's face matches the one recorded in his or her passport. According to the Guardian, Interpol database chief Mark Branchflower believes that his organization should set up a database of facial-recognition records to operate alongside its existing photo, fingerprint and DNA files."
[+]
Researchers Find Problems With RFID Passport Cards 172 comments
An anonymous reader writes "Researchers at the University of Washington have found that RFID tags used in two new types of border-crossing documents in the US are vulnerable to snooping and copying. The information in these tags could be copied on to another, off-the-shelf tag, which might be used to impersonate the legitimate holder of the card." You can also read the summary of the researchers' report.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Um, well... (Score:5, Insightful)
Re:Um, well... (Score:5, Funny)
Well, they didn't make him take his shoes off - so no, I am not surprised.
Parent
Re:Um, well... (Score:5, Insightful)
FWIR about 1/3 of Iran's population is blonde haired and blue eyed. The Caucuses mountain range (from which we get the term Caucasian) is partly in Iran. So if Iran or part of their population (the government) is evil that whole profiling thing starts to not work real fast.
How about the government leaves us alone and sees to its actual responsibilities and, oh i don't know, obeys its own laws and attempts to embody American ideals? Just a suggestion.
Parent
Not so much... (Score:4, Informative)
FWIR about 1/3 of Iran's population is blonde haired and blue eyed. The Caucuses mountain range (from which we get the term Caucasian) is partly in Iran. So if Iran or part of their population (the government) is evil that whole profiling thing starts to not work real fast.
I'm not arguing against profiling, but stating that 1/3 of Iran's population is "blond haired and blue eyed" is totally misleading.
Caucasian != look like you're from Sweden
About the "whitest" people in Iran are the Azeri [wikipedia.org], and maybe the Mazandarani [wikipedia.org], and I highly doubt you'd label any of them blond haired and blue eyed.
http://en.wikipedia.org/wiki/Image:Caucasus-ethnic_en.svg [wikipedia.org]
Parent
Re:Um, well... (Score:5, Insightful)
Really, this lets the gov't track the millions of people who use passports easily but has no effect on criminals or those NOT from the USA. Personally I'd be more worried about the 20-something male muslum flying in to the US and then around from city to city than grandma taking a vacation to canada which now requires a passport. Yes, it's profiling. But when was the last time someone's mid-western 68 year old white grandmother went on a shooting/terror spree?
I dunno, personally, I don't want government-sanctioned racism. But that's just me.
Parent
Re:Um, well... (Score:5, Interesting)
My father was an airline pilot for years and recently retired. His opinion of the matter is that the reason TSA searches little old white grannies (and myself -- constantly. I've pretty much given up on flying because I **ALWAYS** get taggged) is that they don't WANT to find anything which they might have to deal with.
They harass pilots and take their nailclippers -- as if the captain of the plane needs nailclippers to hijack a plane that he's already in command of (mind you, there is a fire ax in the cockpit that can chop through the bulkhead).
The term the pilots use most often for it all is "political eyewash." Not that it matters, because after 911, passengers aren't just going to sit by for a hijacking ever again. The "rules" have changed. This is no longer the 1980s. Its not like the "Delta Force" movies anymore.
Racist or not, it would probably be more reasonable to search people who actually fit the known profile of like, you know, everyone who has ever hijacked a plane ever... but that might mean that the TSA people would actually have to do something. Much easier just to harass grannies from Iowa than to try and thwart "terrorism"
Parent
Re:Um, well... (Score:5, Interesting)
Hasn't this been known for a long time ?
Some extra security could be added to the chips (proper key signing IIRC) but never is. Everybody knows about this but since it makes the US happy as part of their security theatre, nobody cares.
Parent
Re:Um, well... (Score:5, Interesting)
Only in a few cases are those passports revoked.
Parent
Papers, bitte. (Score:5, Interesting)
I have to say the more we rely on "foolproof" technology, the more we rely on fools to operate the machinery.
I have to admit the Germans had it nearly right. Almost nothing beat the steely-eyed glare of a Hauptsturmführer asking for your passport -- unless of course you have a John Williams musical score swelling in the background, and even then it would be a life changing, tension filled 2 minutes of your life going by you.
Parent
Re: (Score:3, Insightful)
The sad thing is, that as someone who has never been to the US and who can't see myself travelling frequently I don't want to have to pay for a poorly design or implemented system which my government might wind up relying on for things that actually do matter to me.
Re:Um, well... (Score:5, Funny)
-1, Unintelligible.
Parent
Re:Um, well... (Score:5, Funny)
Or
+1, Ready for Academic Publication.
Parent
Re:Um, well... (Score:5, Funny)
What the hell is this, Schrödinger's Mod Point?
Parent
Um, yes.... (Score:5, Insightful)
History tells us that cryptography usually falls down in implementation, not theory. As soon as you start building networks, selling chip readers, issuing passports then your theory starts to slowly crumble.
Even if the whole chain of trust is perfect it only takes one act of stupidity/corruption by a human to bring the whole thing crashing down.
Passports are also one of the worst possible places for security to fail. Passports, passport readers, etc. can't be updated via a patch, they need to be thrown away and replaced.
The technology for this is in its infancy and rushing out hundreds of millions of passports at an international level is doomed to failure.
I'm sure it won't stop philistine politicians from trying though - after all, it's not their money they're flushing.
Parent
Re:Um, well... (Score:5, Insightful)
Parent
Re:Um, well... (Score:5, Insightful)
At the same time, you don't want your security to be so over the top that it is either prohibitive such that people are encouraged to find a work around, or it's just plain ineffectual.
Oh you mean like DRM? Prohibitive and ineffectual never stopped corporations before, why would it the government?
Parent
Re:Um, well... (Score:5, Insightful)
This is more like PGP signing. DRM has a flaw in that the user must be able to decrypt so the decryption key must be available. PGP signing is much more secure since you only need to know the private key if you sign. Verifying is done with the public key which is not secret.
The passport contains data - name, address, photograph (and in future fingerprints and retinal scans). When the passport is made this data is digitally signed with the private key in some secure system.
There is a trust chain from the per country CSCA (Country Signing Certificate Authority) down to the DS (Data Signers) down to the passports.
See here, page 13
http://www.rfidsec07.etsit.uma.es/slides/present/slides-1.1.pdf [etsit.uma.es]
In the UK as far as I know there is only one DS, the Foreign and Commonwealth Office even for passports issued overseas (I got mine renewed from a non biometric one in Stockholm and the issuer is still marked as FCO not British Embassy Stockholm). So to check the trust chain you need the public keys for the CSCA and the DS that made a passport. The article says that "But only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it." But elsewhere it says "Some of the 45 countries, including Britain, swap codes manually, but criminals could use fake e-passports from countries that do not share key codes, which would then go undetected at passport control". True, but if you used a clone British Passport anywhere with access to the shared keys it will be caught if you don't know the British private CSCA key. And any country that doesn't share it's public key could be threatened with being dropped from visa waiver programs, so it's fair to assume that given time they all will. Any country who leaked their private key could be handled the same way.
As someone commented to the article
Seemingly Mr Van Beek created only a copy of personal data with fake certificates, keys and signatures to fool only the reader he was using. In real life if he could have been able to put the chip into a real passport control systems where data is checked against the CSCA and DS certificates he would have been arrested at the same moment.
The problem with not having a PKD is that people who don't have access to manually swapped public keys cannot verify the passport. But I bet the scanners in airports do. Installing 45 CSCA keys, one per country, and one or more DS keys per country is not very hard to do.
I actually wonder how serious this is - of course a faked passport will not be detected by software that cannot verify the trust chain. The systems at airports can do this from what I've read.
Parent
Re:Um, well... (Score:5, Insightful)
I actually wonder how serious this is - of course a faked passport will not be detected by software that cannot verify the trust chain. The systems at airports can do this from what I've read.
Identity Shopping.
The process of finding a cryptographically secured ID of someone else that is "close enough" to pass visual inspection. No key swapping required.
The passport contains data - name, address, photograph (and in future fingerprints and retinal scans).
The day when real biometrics are included on passports is a long way off, and honestly I hope it never comes - but even if it does, the birthday problem will be enough to enable identity shopping.
Furthermore, rfid based passport data can be snooped from a relative distance, attempts to build a faraday cage into the cover are a colossal fail. Put a snooper in a doorframe somewhere high-traffic - like a touristy shopping area - and you can record the data of every passport that walks through, yielding thousands of potential identities to shop from every day.
Parent
Re: (Score:3, Insightful)
I recently had a conversation at work about security issues. The fact is that any security system can be beaten.
I have a variation on that.
The only 100% guaranteed secure computer system is one that's been pulverised into little shards of metal and encased in concrete.
I want one! (Score:5, Funny)
Oh, and I'd like some fake passports.
Re:I want one! (Score:5, Funny)
Parent
Re:I want one! (Score:4, Insightful)
I would carry my secret data on it. The border agents might take my laptop, cellphone, music player, and perhaps my pants, but hopefully they will leave me my passport.
Parent
Why be a hacker... (Score:5, Funny)
That's security professional for you, mister! (Score:3, Funny)
I'm head of retail logistics, so I have to get back to stocking shelves now.
Re: (Score:3, Funny)
Don't worry... (Score:5, Funny)
Summary doesn't mention digital signing (Score:5, Interesting)
The researcher replaced the digital signatures on the passports with ones of his own creation when altering the photographs... if the equipment used to test had actually compared the digital signatures to those on file, it would have immediately spotted the tampering. Problem is most countries aren't sharing their signatures yet, making those checks impotent. For now, at least (and not saying there aren't other vulnerabilities).
Take a hammer to it... (Score:4, Interesting)
Re:Take a hammer to it... (Score:5, Informative)
Why get all physical?
30 seconds on high in the microwave should do the job and leave less traces.
"And when the border guard asks you what happened." the right response would be
"I don't know what you're talking about Sir, there's chips in my passport?"
( or perhaps, depending on available force-points... :)
"Sir, these are not the passports you're looking for"
Parent
Re:Take a hammer to it... (Score:5, Insightful)
Apathy: one of the greatest gifts you can give a tyranny.
Parent
Authentication requires ... um... authentication (Score:5, Funny)
Their outright failure to do so for at least a year for the UK and perhaps many more for other countries means that the digital information is less valid than the information imprinted on the card. Less valid because it's far easier to change, and shows no signs of alteration.
In other words, countries that don't authenticate, and rely on the digital information alone are *MORE* insecure and open to falsification than those who do authenticate.
Security: Not a tradeoff of civil liberties, but an intelligent application of a variety of techniques.
Authentication: When available USE IT, don't just put it off and trust easily-modifiable data. When in doubt look at the printed picture and the text. *THAT* is harder to change without showing signs of alternation.
Encryption: I guess if they can't get the key database working for simple authentication (or even a #$&*(#$ hash) they're not going to figure out the encryption stuff either.
Hi Bruce.
Ehud
You Can't Say They Don't Have a Sense of Humour (Score:4, Insightful)
Additionally, I see no improvements to the initial checking of who is eligible for a passport to try and sort out the Day of the Jackal fraud:
http://en.wikipedia.org/wiki/The_Day_of_the_Jackal [wikipedia.org]
Using some form biometric system that seems to be implicitly trusted is even more dangerous, since if you can get your bogus identity trusted then people aren't ever going to question it.
Technology cannot overcome human ingenuity (Score:5, Insightful)
...at least not human technology.
Without exception, everything we try to lock up with a key can be unlocked by someone else. I'd like to hear it from anyone else that they recognize the fact that locks only keep honest people out and then perhaps we can move on to the bigger issue of why they are trying so hard to control honest people.
Watch what you're doing (Score:5, Funny)
Red Herring... (Score:5, Funny)
Re:Red Herring... (Score:5, Funny)
Who needs passports to get into a country anyway?
Jose? Is that you?
Parent
Less than adequate summary. (Score:5, Interesting)
Securtity is not a product (Score:5, Insightful)
So the chip itself hasn't been cracked, it's more a question of the international passport encryption network being worthless.
Technically accurate. But. The chip by itself is worthless. It's only worth something if it counters some kind of threat. This is why security isn't about products or techniques, it's about working systems. If the "chipped passports" don't have a working PKI, then there's really no point to the chips. They go together.
ObQuote: "Security is a process, not a product." -- Bruce Schneier
Parent
Misleading info? (Score:5, Informative)
Now I could be wrong, but I thought all the 9/11 bombers were legally allowed to be where they were, and were using valid documents?
I think what might have been the case is that they HAD used fake passpports in the past. The way this phrases it though suggests that a better implementation might have helped avoid 9/11, which is news to me.
Re:Misleading info? (Score:5, Insightful)
Where did you here that? I understand that all the hijackers were 'white' travelling on their own non-terrorist identities. Yes, some had been flagged as suspicious (Mohammed Atta, I believe) by the Germans but this was ignored.
Remember that the British 7/7 bombers were British. the only possible red flag was the visit to Pakistan, but many do that legitimately.
Parent
Spartacus Bin Laden (Score:5, Funny)
So now we can look forward to seeing thousands of people all sporting Osama Bin Laden pictures on their passports. It'll be as fashionable as Che Guevara t-shirts.
The TSA will love it because they can announce that they've caught Bin Laden every day for the next 20 years, thus justifying their continued existence.
Re:Electronic voting's cousin? (Score:5, Insightful)
It's becoming obvious that low-tech paper is preferable in both elections and passports.
yes, cos god knows, paper passports were NEVER falsified.
Parent
Re:Electronic voting's cousin? (Score:5, Insightful)
Sucessful paper forgeries are usually more time consuming to create, and require skills that are less common in this day and age.
Or another way, a forged passport is one forged passport. A broken authentication system is a thousand forged passports.
Parent
Re:Electronic voting's cousin? (Score:5, Informative)
Reading the article, it's not as simple as that. There's not just an authentication system that can be toggled on an off. Each country has their own public key, which they can decide to share with other countries. Right now, 45 countries manually share keys. Then of them have signed up to an automated public key database. Only five of them are using it right now. So if you come from a country other than those 45, your passport never gets authenticated anyway. Bureaucracy being what it is, who knows when those numbers will grow much larger.
Also, think about the potential for corruption. All you'd need is someone in the government who you could bribe to give you the private key. Think Pakistan, India, Romania, etc. Then you've actually got an authenticated passport that lulls the passport checker into a false sense of security. They think they've got added security when actually they don't.
Parent
Re:Electronic voting's cousin? (Score:5, Interesting)
Parent
Re:Electronic voting's cousin? (Score:5, Insightful)
Hmmmm. OK, but the corollary may well be that pretending something other than paper is any better is also folly!
As some other poster says above, you want a level of security that makes it sufficiently difficult for joe-public to not think about trying to beat it, but not so intrusive as to adversly affect people's lives too much in day-to-day use.
All the claptrap and palaver to do with air travel goes too far down the "intrusive" side of things, without actually offering any greater level of security (hence the term Security Theatre [wikipedia.org]). The attempt to track every individual using ID cards [no2id.net], etc, is also too intrusive, and just as ineffective - whereas a simple chip containing a picture which is displayed when the passport (or credit card) is put into a reader would allow a human to easily compare the picture with the person and thereby foil most of the casual passport/credit card fraud.
Finally, you have to recognise that you CANNOT completely stop people from doing bad things and to think you can will lead to the 1984-type society that most right-minded people fear is where we are going already!
Parent
Re:Electronic voting's cousin? (Score:5, Insightful)
As an aside, there is a parallel between pictures on ID and encryption: A picture on an ID allows me to verify that you look exactly like the guy on the ID (for various definitions of "exactly"), and symmetric encryption allows me to be fairly certain no one is listening in on a communication (assuming protected keys, sufficient key size, etc). But neither allow me to KNOW who you are or who I am communicating with. In other words, both systems fail at authentication, which is, in the end, what passports are trying to provide, and many people think encryption provides.
Parent
Re:Yesterday's News Today! (Score:5, Funny)
Hey now! This is Slashdot. Taco and Neal and the gang were busy confirming every aspect of the story before they posted it to the front page.
Parent
Re:Yesterday's News Today! (Score:5, Funny)
Don't forget the painstaking grammar and spelling checking.
Plus they had to go through all the archives to make sure it wasn't a dupe.
Parent
Re:If one man can do it... (Score:5, Insightful)
Sounds great, You're in charge to get all the countries in the world to agree to this.
How about an easier task, convince all countries to agree that one server somewhere is where all their trust of their passports is placed.
Really simple. you should have that done by the end of this week right?
Parent