
E-Passport Cloned In Five Minutes

Posted by kdawson
from the if-more-proof-were-needed dept.
Last month a panel of EU experts warned that the e-Passport's security is "poorly conceived", and in fact a week later a British newspaper demonstrated a crack. Now another researcher has shown how to clone a European e-Passport in under 5 minutes. A UK Home Office spokesman dismissed it all, saying "It is hard to see why anyone would want to access the information on the chip."

  • Well then, (Score:5, Insightful)

    by QuantumG (50515) * <qg@biodome.org> on Sunday December 17, 2006 @09:52PM (#17281836) Homepage Journal

    "It is hard to see why anyone would want to access the information on the chip."
    I guess that's what they call a failure of imagination.

    • Re:Well then, (Score:5, Insightful)

      by l2718 (514756) on Sunday December 17, 2006 @10:04PM (#17281904)
      Well, it's true that if you already possess a passport and want to copy it, it's essentially the same problem with and without an RFID. It's also true that the RFID chip does stop the basic hack of replacing the photo in the passport (since the data on the chip is presumably read-only, and the chip can't be replaced without mutilating the passport). I think what the esteemed spokesman missed is the privacy implications (I can now read your passport without your knowledge). In particular, you can clone these passports without actually holding the original. In the past to clone a passport you needed the co-operation of its owner (if you steal a passport it's known to be stolen). Now you can make your own sure-to-be valid passport by just stepping into the airport and choosing an appropriate victim (someone who looks like you, perhaps?).
      • Re:Well then, (Score:4, Interesting)

        by msobkow (48369) on Monday December 18, 2006 @01:09AM (#17282996) Homepage Journal
        A UK Home Office spokesman dismissed it all, saying "It is hard to see why anyone would want to access the information on the chip."

        But isn't the whole point of a secure passport to secure the identity of an individual? If the identity is not secure, we may as well not waste the time or money.

        • by h2g2bob (948006) on Monday December 18, 2006 @01:53AM (#17283188) Homepage
          The ID cards themselves are just a distraction. The real agenda is the setting up of a big database with information on all citizens. While everyone debates ID cards, they get to do what they want with the database proposal. They can back down on ID cards later, and everyone is happy.
          • by msobkow (48369) on Monday December 18, 2006 @06:04AM (#17284150) Homepage Journal

            Your birth certificate number could be read as CN.DN.cert-number. You have a social insurance number, social security number, or equivalent. You are numbered by your driver's license, your chequing account, your power bill, and a host of other unique identifiers.

            I have no objection to SECURE identification. I object to wasting billions on useless crap.

            • Re: (Score:3, Informative)

              by KDR_11k (778916)
              Let's not forget we are talking about Europe where many countries issue personal IDs and keep registries of all citizens at several levels with mandatory registration.
            • by Anonymous Brave Guy (457657) on Monday December 18, 2006 @09:20AM (#17284856)

              Yes, governments have databases about the citizens of their countries, for tax purposes, medical purposes, driver licensing and so on. That in itself is not unreasonable, as long as the data collected is necessary for the purpose, properly and securely handled, with suitable checks made on those with access to it and confidentiality maintained.

              The National Identity Register in the UK, however, will combine most of the existing government databases into a single, centralised point of failure. In practice, it will likely be the case that most government departments and many outside agencies will have access to all of the records about an individual, not just those they have reason to see.

              A second major concern is that the NIR will track every time it is checked. That won't help with the identity theft problem that follows from the above, unless the security of access is near-perfect across many thousands of people with access to the database. It will, however, mean that once the national ID card becomes the "easy option" for identity verification, the government has a handy record of each citizen's entire life: where they shop, which financial services they've been using, jobs they've been applying for, where they've travelled and who with, etc. There is simply no need for any state organisation to keep this sort of information about any citizen, other than when conducting legitimate surveillance of a suspect for genuine security purposes, with independent oversight.

              Identity thieves, however, already happy to be part of the fastest-growing and most profitable crime wave in recent history, have hit the jackpot. Just along the Slashdot front page from this story as I write this, there is another article estimating that 100 million personal information leaks have occurred within the past couple of years or so. If that combination isn't reason enough to stop the NIR plans right now, I don't know what kind of sanity prevails in the government's universe.

      • Re:Well then, (Score:5, Insightful)

        by swillden (191260) * <shawn-ds@willden.org> on Monday December 18, 2006 @02:57AM (#17283440) Homepage Journal

        It's also true that the RFID chip does stop the basic hack of replacing the photo in the passport (since the data on the chip is presumably read-only, and the chip can't be replaced without mutilating the passport).

        Stronger than that, the data on the chip is digitally signed, so even if you can tracelessly replace the chip in the passport with a different one that has the photo you want, you're not going to be able to generate the appropriate digital signature for the altered data. This technology makes the passports effectively unalterable, as long as the chip is intact.

        I think what the esteemed spokesman missed is the privacy implications (I can now read your passport without your knowledge). In particular, you can clone these passports without actually holding the original.

        Not exactly. To read the passport data you have to have the authentication key. To get the authentication key, you need to have the passport, because the data that the key is derived from is printed inside. Note, however, that it has been shown that a large enough portion of the printed data is guessable, given basic information like the passport holder's name and a guess at his or her age, that the rest can be brute-forced pretty quickly. So there *is* a possibility it could be read without the owner's knowledge, but it's not completely trivial and does require some additional information.

        The US has addressed this issue by putting a shielding mesh in the passport cover, which isolates the chip when the cover is closed.

        • Re: (Score:3, Insightful)

          by tjcrowder (899845)
          The US has addressed this issue by putting a shielding mesh in the passport cover, which isolates the chip when the cover is closed.
          You're saying they've given U.S. passports.......their own built-in tin-foil hats. Clearly they've been reading /. on this issue.
    • Re:Well then, (Score:5, Insightful)

      by Zemran (3101) on Sunday December 17, 2006 @10:47PM (#17282202) Homepage Journal
      "It is hard to see why anyone would want to access the information on the chip."

      Just like it is hard to see why anyone would want to blow up an aircraft? I think that people are still thinking within the sandbox and not realising that the real risk is what we have not yet thought of. There will be lots of reasons to want to access the information and to change it or learn to create false IDs that Joe Average security assumes to be valid because it is state of the art.
    • by pilgrim23 (716938)
      Well, thank goodness! And here I was worried that the cost of fake paper was going to climb out of the range of the petty crook. I want to thank the developers and the bone heads in government for ensuring the future of honest crooks.
    • Re:Well then, (Score:5, Interesting)

      by JimBobJoe (2758) <swiftheart@NOSpam.gmail.com> on Monday December 18, 2006 @05:43AM (#17284054)
      I guess that's what they call a failure of imagination.

      It's a common failure that occurs in these scenarios.

      As part of my research on driver's licensing issues, when states added photos to driver's licenses (starting in the late 60's) the word "fraud" never entered the picture. Driver's licenses were essentially fraud free documents before the photographs were added--so it really never entered anyone's mind that things would change once the document became more powerful/useful/trusted.
  • by Salvance (1014001) * on Sunday December 17, 2006 @09:53PM (#17281838) Homepage Journal
    "It is hard to see why anyone would want to access the information on the chip." Hmmm... it's also hard to see why anyone would want my credit card information, SSN, address, etc. I'm sure nobody really wants to know any personal information about me at all, and I'm sure nobody would ever want to forge any of my identifying documentation.

    Something is just wrong with the UK's Home Office. Today I read that they will now classify panty thieves as sex offenders [sundaymirror.co.uk], receiving the same long-term classification on the sex offenders' registry as child abusers, rapists, and child pornographers.
    • it is also identity theft.
      • by prichardson (603676) on Sunday December 17, 2006 @10:12PM (#17281952) Journal
        If my name is written on someone else's panties, I demand to know why!

        ob Simpsons:
        Skinner: Oh, it's a miracle no one was hurt.
        Otto: I stand on my record - fifteen crashes and not a single fatality!
        Lou: Let's see your license, pal.
        Otto: No can do. Never got one. But, if you need proof of my identity, I wrote my name on my underwear... Oh wait, these aren't mine!
        Skinner: Well that tears it! Until you get a license and wear your own underwear, mister, you are suspended without pay!
    • by Dunbal (464142) on Sunday December 17, 2006 @10:42PM (#17282172)
      they will now classify panty thieves as sex offenders

      Thank God stealing a bra is still ok...I was worried for a second there.
      • Re: (Score:3, Funny)

        by StikyPad (445176)
        In related news, the number of women on the sex offender list has skyrocketed due in part to a crackdown on shoplifting at Victoria's Secret.
      • by hyfe (641811)
        Thank God stealing a bra is still ok...I was worried for a second there.
        You know, they do sell bras at the store.....

        Alternatively, you could just lose some weight.

    • by nwbvt (768631)
      Here is the rest of the quote for those of you who don't want to RTFA:

      "Other than the photograph, which could be obtained easily by other means, they would gain no information that they did not already have - so the whole exercise would be pointless: the only information stored on the ePassport chip is the basic information you can see on the personal details page."

      The spokesman said the chip was one part of the security features of the ePassport.

      He said: "Being able to copy this does not mean that th

  • by zuki (845560) on Sunday December 17, 2006 @10:04PM (#17281906) Journal
    As it may be, the people in charge of budgetary approval for the programs which put all of these RFID solutions into place will steadfastly deny that anything is wrong until they are forced to do so, as agreeing that those are potentially high security risks would otherwise equate it with having to backtrack on what they previously approved, even though they were amply forewarned by many in the security-related field.

    It's really about not losing face at any cost, lest people start questioning other methods they employ.

    Human nature, really. Look no further than the voting machines controversy for parallels here in the US.

    Z.
  • by rrohbeck (944847) on Sunday December 17, 2006 @10:05PM (#17281914)
    Now another researcher has shown how to clone a European e-Passport in under 5 minutes.

    Thanks to a software he himself has developed, called RFdump, he downloads the passport's data onto his computer and then onto a blank chip.


    How long would it take for some 3 letter agency to show up at their door in the US?
    • How long would it take for some 3 letter agency to show up at their door in the US?

      Blow it. First they'd have to prove you did it, and pray tell, if the thing is a perfect clone, then by definition there is not going to be a way that's 100% certifiably accurate to tell them apart. You will be 100% at the mercy of the justice system, and it has amply proved many times that it doesn't have a clue, and couldn't buy one if the money was appropriated for it.

      I predict the first 100 cases that lead to an arrest,
  • "It is hard to see why anyone would want to access the information on the chip."
    Even if the info on the chip is just the same as what's printed in plain sight as they say... it's still defeating one of the security measures in short shrift. How is that not a concern? The fact that the electronic portion of it can be read and copied without actually needing the item (just need to be near it) is a great concern.

    Also, the article states that the key to some encrypted information on the chip is something that's
    • by Dunbal (464142) on Sunday December 17, 2006 @10:25PM (#17282048)
      It's a scary world when those who are old and have little clue about technology (the politicians) are told they need a high tech solution to a security issue.

      Careful. The hippies used to complain about how all the old farts in power didn't have a clue back then. Now they're running things, and look where we are. I shudder to think about what the world will be like when it's YOUR turn...
      • by spoco2 (322835)
        The problem isn't so much the generation itself, but more so the people who end up being politicians.

        As Billy Connolly so aptly said once "The desire to be a politician should automatically disqualify you from ever being one" (Quoted from memory, may be paraphrasing)
        • They both may have said it, but several variations on that quote were present in Hitchhiker's Guide to the Galaxy (and possibly a few of the other books in that series.).

          See: http://www.quotationspage.com/quote/27540.html
      • by mwillems (266506)
        No, the hippies are NOT running things. I guess I am an aged hippie and if I were running things we would have a biometric/RFID passport when hell freezes over.

    • Re: (Score:2, Funny)

      by humungusfungus (81155)
      Plus, I bet they don't even know what STAT means.

      Of course they do, many of them are so old, Latin was probably their mother-tongue.
    • Re: (Score:3, Insightful)

      by IWannaBeAnAC (653701)

      Well, the key needs to be printed somewhere on the passport.

      The big, huge security hole though, is that the key is made up of the passport number, the date of birth of the holder, and the expiry date, none of which are hard to come by. For example, the postman delivering your new passport can probably find your date of birth (when did you last get a birthday card?), and can make a pretty good guess as to when it expires (10 years plus or minus a few days), so if he can guess what the passport number is,

      • Re: (Score:3, Insightful)

        by Fastolfe (1470)

        Why not make the key some random digit string, printed inside the passport in machine-readable text? Then it would at least be impossible to read the passport without opening it.

        Off the top of my head (might be missing something obvious), by forcing the key to be made up of useful data, it becomes impossible to divorce the key from the holder's identifying information, as printed on the passport. By requiring the operator to enter the user's data as part of the key to decode the electronic data, it sort

  • by rimberg (133307) on Sunday December 17, 2006 @10:10PM (#17281938) Homepage
    The Open Rights Group [openrightsgroup.org] (Think UK EFF) have a wiki page that provides more information on this and other issues with the British Biometric Passport [openrightsgroup.org]. The European version of the biometric passport is planned to have digital imaging and fingerprint scan biometrics placed on the Radio Frequency chip. The government of UK thinks that the public has a negative opinion of RFID chips so instead they call it a contactless chip.
    • Re: (Score:3, Interesting)

      by bigberk (547360)
      There is a huge difference between "RFID chips" and "contactless smart cards"! They both use the same frequency band and similar communication protocols, but RFID chips have no crypto while contactless smart cards have all the AES, MAC, etc. stuff plus secure filesystem storage.

      There is a huge difference, I keep posting this but nobody seems to get the point: the walmart RFID chips have zero crypto, but the passport, payment cards have a ton of crypto. You can't just dump their contents

      The government calls
  • Yes I'm sure it's not very hard to 'read' what's stored on the Passport - but then it's never been very hard to visually look at it and read the paper - god knows how many photocopies there are of my passport in hotels and car-rentals across the planet.
    The point of the RFID passport et al is to be able to verify it's genuine. You wave the passport at a border, it summons the electronic version and a check can be made that they match - i.e. verifies that somebody hasn't inserted an alternate photo etc.
    If t
    • Re: (Score:2, Interesting)

      by rrohbeck (944847)
      but then it's never been very hard to visually look at it and read the paper

      Not when it's in my pocket.

      I can't believe how juicy this is. Imagine being able to get your dirty fingers on the theft prevention system at the doors or a department store. Just a slight modification of the frequency and code, and let the harvesting begin.
  • huh? (Score:5, Insightful)

    by jshackney (99735) on Sunday December 17, 2006 @10:15PM (#17281974) Homepage
    It is hard to see why anyone would want to access the information on the chip.

    If no one would want to access that information, then why is it on the chip? Why even bother with the chip? Why even bother with the information?
    • by RexRhino (769423)
      The information on the chip is just information that is already printed on the passport. Having an RFID chip, however, makes it easier to read into a computer. Normally a border guard has to manually type your passport information into a computer. If you have ever waited 20 minutes for a border guard who doesn't speak or write English, to type in your passport information (imagine if you were trying to type up someone's cyrillic passport) - A quick swipe of an RFID card would turn the process into a 2 secon
      • Re: (Score:3, Informative)

        by hughk (248126)
        Most modern passports have an OCR section now on the ID page (and this is a condition of visa-less entry into the US now). All international passports carry the main data in Latin characters as well as the original Cyrillic, Arabic, Hebrew or whatever. Technically this is a French transliteration, which may actually be slightly different to the English.
  • by b0s0z0ku (752509) on Sunday December 17, 2006 @10:30PM (#17282102)
    How is this different than Xeroxing a 2D barcode? Isn't that why there's biometric data on the passport and a digitally encoded photo - to render it useless even when cloned? Not to mention that the passport # *could* key to a database with the same data for verification purposes - the database should also contain records of passport #'s invalidated due to theft, cloning, or whatever. The data on the RFID chip is *meant* to be read. Rerecording the bitstream is a trivial exercise.

    Cheers,
    -b.

  • If this happened in the 3rd world, those in countries like these (the 1st world) would say:

    "What do you expect?" "It's the 3rd world."

    They need more "technical assistance" from us who are more developed.

    But I am not surprised, after all the US, which is the "most technically advanced" country in the world, cannot secure its borders. But is it?

  • by serutan (259622) <snoopdougNO@SPAMgeekazon.com> on Sunday December 17, 2006 @10:47PM (#17282204) Homepage
    Throw the researchers in jail for showing the weakness in the system. Problem solved!
  • why indeed? (Score:3, Insightful)

    by dredson (620914) on Sunday December 17, 2006 @10:50PM (#17282220)

    "It is hard to see why anyone would want to access the information on the chip."
    If that's true, then why use a chip at all?
  • by spasm (79260) on Sunday December 17, 2006 @10:55PM (#17282242) Homepage
    "It is hard to see why anyone would want to access the information on the chip."

    I think it's time someone cloned his passport and got busted importing drugs or weaponry or child porn or similar while on that passport. Hell, he's probably got a diplomatic passport == no search. Pure gold to anyone wanting to move anything *really* profitable.
    • by b0s0z0ku (752509)
      I think it's time someone cloned his passport and got busted importing drugs or weaponry or child porn or similar while on that passport.

      Isn't that the point of the biometric data/electronic photo - to make cloning the passport more difficult since the data in the chip has to match the person. If the bio. data is encrypted with a private key, the forger would have to know that key before forging the passport. They could even use, say, 10,000 different private keys to encrypt depending on the value of a

      • by spasm (79260)
        My comment was intended more cynically - if what the article suggests is true (cloning a passport is trivial) then someone should demonstrate the utility of such an act.

        Having said that, from the article: "Now for the clever bit. Thanks to a software he himself has developed, called RFdump, he downloads the passport's data onto his computer and then onto a blank chip. Using a standard off-the-shelf component you can just buy at a component store you can have a cloned ePassport in less than five minutes. W
  • Tinfoil (Score:2, Informative)

    by Shadyman (939863)
    You can always get one of these [difrwear.com] or just wrap your passport in tinfoil.

    BRB, I'm making a tinfoil hat for my passport, so it matches mine.
  • by Todd Knarr (15451) * on Sunday December 17, 2006 @11:22PM (#17282402) Homepage

    The proper response to that spokesman is "Well then, you won't mind lending us your passport for a minute, so we can copy it and put copies on sale in <district with notorious reputation>, will you?".

    Some politicians simply need the problem made their personal problem before they'll see it.

    • Insert "China" in that sentence. Or "Iraq".

      But then, some politicians simply need their lives ended so someone else can see it.
  • How about a switch (Score:2, Interesting)

    by phlipped (954058)
    How about having an electronic switch built in to the passport, so that the chip only works when someone holding it wants it to work. For example, you could set it up so that the chip only works when the passport is opened flat on the details page at the front.

    I can't imagine it being that hard in theory, although devising a reliable and rugged switch may be a bit more challenging.

    Still, I bet it could be done, and it pretty much eliminates all the concerns about people reading the chip without your permiss
  • a smart bomb, planted by a terrorist group, to trigger when n passports from a target country are in the vicinity, as long as fewer than x passports from countries friendly to the terrorists are also present.

    Alternatively, imagine a government putting monitoring devices in public places, or at the entry ways to residential buildings, and tracking when/if people of certain profiled countries are congregating.

  • What I worry about is a working hack that allows people to insert a different photograph into the information on the chip. There is no border guard in the world who will reject a passport if his electronic scanner shows the photo of the person standing in front of him.

    In the "old days" a passport could have had a new photo glued over the top. These could be spotted and rejected. Any new hacks that had a glued-over photo that corresponded with the pic in the RFID chip, would be far less likely to be picked

  • by jcr (53032) <jcr&mac,com> on Monday December 18, 2006 @03:37AM (#17283588) Journal
    Just once, when one of these government prats is bragging about their latest and greatest hard-to-forge ID paraphernalia, I hope SOME reporter will point out the uncomfortable fact that none of the 9/11 perps were travelling with forged documents. They had passports in their own names, and credit cards. They made NO attempt to conceal their identities, and in fact were most likely hoping to be hailed as heroes by their fellow fanatics.

    If the bad guys were still in the business of trying to bring down airplanes, they'd use people with squeaky-clean records to do the attacks. Let's not kid ourselves, they HAVE people with squeaky-clean records.

    -jcr

  • The technology used (Score:4, Informative)

    by Eljas (911123) on Monday December 18, 2006 @05:04AM (#17283904) Journal

    Many people here seem to make claims on RFID security without knowledge of the technology actually used. I have done some research on the subject so I think I can give some pointers. Details about the technology can be found at ICAO's web page [icao.int] and a short presentation on the subject, Jacobs/Wichers Schreur [utwente.nl].

    The communication between the passport and the reader is encrypted using information in the Machine Readable Zone at the bottom of the passport. This is the basic way to authorize passport reading. The MRZ-information is generated from the information of the passport holder and random numbers. If a bad numbering scheme [whatthehack.org] is used, breaking the encryption is quite possible. If large enough random numbers are used, breaking the encryption with brute force is currently not practical.

    The authentication is done using public key cryptography. Currently only Passive Authentication is mandatory, but Active Authentication is supported and it is mandatory when fingerprint information is contained in the passport. With only Passive Authentication cloning of an MRZ-compromised passport is easy, but with Active Authentication it should be unfeasibly difficult.

    Reading and cloning a European RFID passport which is using all available security measures (like the e-passports in Finland) is not as trivial as many people here seem to think. As long as there are no backdoors in the cryptography (e.g. for the intelligence agencies) I think the technology is quite sound. Not using all available cryptography is just a bad choice by the government issuing the passports.

    The scheme in TFA is nothing new and nothing revolutionary. If you have physical access to a passport with only Passive Authentication cloning is trivial, as pointed in TFA. This is actually how the technology was designed to work. Maybe the design is bad, but that is hardly a big surprise, since the technology is a compromise between many organizations and governments. When someone clones a passport which has Active Authentication, then that is real news.
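
Added example (a simulation, not code from the original post or from any passport implementation): the difference Eljas describes between Passive and Active Authentication, and why swillden's point about signed data stops alteration but not copying. Toy RSA over small Mersenne primes stands in for the real signature schemes, and all class and function names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys


def make_key(p: int, q: int):
    """Toy RSA key from two known primes (far too small for real use)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _h(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, n: int, d: int) -> int:
    return pow(_h(msg, n), d, n)


def verify(msg: bytes, sig: int, n: int) -> bool:
    return pow(sig, E, n) == _h(msg, n)


ISSUER_N, ISSUER_D = make_key(2 ** 89 - 1, 2 ** 61 - 1)  # issuing state's signing key
CHIP_N, CHIP_D = make_key(2 ** 61 - 1, 2 ** 31 - 1)      # per-chip Active Authentication key


def digest_groups(groups: dict) -> bytes:
    """Hash over every data group; this is what the issuer signs."""
    h = hashlib.sha256()
    for name in sorted(groups):
        h.update(name.encode() + hashlib.sha256(groups[name]).digest())
    return h.digest()


class Chip:
    def __init__(self, groups: dict, sod: int, aa_private=None):
        self.groups = groups            # files any authorised reader can read
        self.sod = sod                  # issuer signature over the files
        self._aa_private = aa_private   # stays inside the chip, never readable

    def read_all(self):
        return dict(self.groups), self.sod

    def internal_authenticate(self, nonce: bytes):
        if self._aa_private is None:
            return None
        return sign(nonce, CHIP_N, self._aa_private)


def personalise(groups: dict, with_aa: bool) -> Chip:
    groups = dict(groups)
    if with_aa:
        groups["DG15"] = CHIP_N.to_bytes(12, "big")  # AA public key, covered by the signature
    sod = sign(digest_groups(groups), ISSUER_N, ISSUER_D)
    return Chip(groups, sod, CHIP_D if with_aa else None)


def clone(chip: Chip) -> Chip:
    """A copy holds everything a reader can read, and nothing else."""
    groups, sod = chip.read_all()
    return Chip(groups, sod)


def inspect(chip: Chip) -> str:
    groups, sod = chip.read_all()
    # Passive Authentication: is the data exactly what the issuer signed?
    if not verify(digest_groups(groups), sod, ISSUER_N):
        return "reject: passive authentication failed"
    # Active Authentication: does this chip hold the private key for DG15?
    if "DG15" in groups:
        nonce = secrets.token_bytes(8)
        sig = chip.internal_authenticate(nonce)
        chip_n = int.from_bytes(groups["DG15"], "big")
        if sig is None or not verify(nonce, sig, chip_n):
            return "reject: active authentication failed"
    return "accept"
```

A byte-for-byte copy of a Passive-Authentication-only chip passes inspection because the signature proves only that the data is genuine, not that the chip is the original; the challenge-response step is what ties the data to one piece of hardware.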
