E-Passport Cloned In Five Minutes
Last month a panel of EU experts warned that the e-Passport's security is "poorly conceived", and in fact a week later a British newspaper demonstrated a crack. Now another researcher has shown how to clone a European e-Passport in under 5 minutes. A UK Home Office spokesman dismissed it all, saying "It is hard to see why anyone would want to access the information on the chip."
Well then, (Score:5, Insightful)
Re:Well then, (Score:5, Insightful)
Re:Well then, (Score:4, Interesting)
But isn't the whole point of a secure passport to secure the identity of an individual? If the identity is not secure, we may as well not waste the time or money.
Tin foil hats, everyone (Score:5, Insightful)
Such ID numbers already exist (Score:4, Insightful)
Your birth certificate number could be read as CN.DN.cert-number. You have a social insurance number, social security number, or equivalent. You are numbered by your driver's license, your chequing account, your power bill, and a host of other unique identifiers.
I have no objection to SECURE identification. I object to wasting billions on useless crap.
Re:Such ID numbers already exist (Score:3, Informative)
Yes, but not co-ordinated like this (Score:5, Insightful)
Yes, governments have databases about the citizens of their countries, for tax purposes, medical purposes, driver licensing and so on. That in itself is not unreasonable, as long as the data collected is necessary for the purpose, properly and securely handled, with suitable checks made on those with access to it and confidentiality maintained.
The National Identity Register in the UK, however, will combine most of the existing government databases into a single, centralised point of failure. In practice, it will likely be the case that most government departments and many outside agencies will have access to all of the records about an individual, not just those they have reason to see.
A second major concern is that the NIR will track every time it is checked. That won't help with the identity theft problem that follows from the above, unless the security of access is near-perfect across many thousands of people with access to the database. It will, however, mean that once the national ID card becomes the "easy option" for identity verification, the government has a handy record of each citizen's entire life: where they shop, which financial services they've been using, jobs they've been applying for, where they've travelled and who with, etc. There is simply no need for any state organisation to keep this sort of information about any citizen, other than when conducting legitimate surveillance of a suspect for genuine security purposes, with independent oversight.
Identity thieves, however, already happy to be part of the fastest-growing and most profitable crime wave in recent history, have hit the jackpot. Just along the Slashdot front page from this story as I write this, there is another article estimating that 100 million personal information leaks have occurred within the past couple of years or so. If that combination isn't reason enough to stop the NIR plans right now, I don't know what kind of sanity prevails in the government's universe.
Re:Tin foil hats, everyone (Score:3, Interesting)
My point was really that (here in the UK at least, so I don't expect you to realise it) the ID cards are always pushed by the government as the way to make us all more secure against terrorism. It will save us all, you see. It's the primary reason for introducing the scheme. Never mind that most experts (inc. the police and MI5, iirc) disagree - and you, as someone living in an ID card carrying country, seem to disagree too.
Oh yay, you certainly know how to sell me on the benefits of having an ID card! :-) I think I speak for many people when I say that being able to identify my charred body via an ID card is not top of my priorities.
Er, got a source for that assertion?
Ah. So no, then.
That's 'probably' why the UK govt keeps refusing to give an estimate of how much the ID card system would cost.
A lot of the resistance, as well as a dislike for the general concept/system, is merely that it won't improve anything, so why waste billions of pounds of UK taxpayers' money implementing it?
Re:Well then, (Score:5, Insightful)
Stronger than that, the data on the chip is digitally signed, so even if you can tracelessly replace the chip in the passport with a different one that has the photo you want, you're not going to be able to generate the appropriate digital signature for the altered data. This technology makes the passports effectively unalterable, as long as the chip is intact.
Not exactly. To read the passport data you have to have the authentication key. To get the authentication key, you need to have the passport, because the data that the key is derived from is printed inside. Note, however, that it has been shown that a large enough portion of the printed data is guessable, given basic information like the passport holder's name and a guess at his or her age, that the rest can be brute-forced pretty quickly. So there *is* a possibility it could be read without the owner's knowledge, but it's not completely trivial and does require some additional information.
The US has addressed this issue by putting a shielding mesh in the passport cover, which isolates the chip when the cover is closed.
Re:Well then, (Score:3, Insightful)
Re:Well then, (Score:5, Insightful)
Just like it is hard to see why anyone would want to blow up an aircraft? I think that people are still thinking within the sandbox and not realising that the real risk is what we have not yet thought of. There will be lots of reasons to want to access the information and to change it or learn to create false IDs that Joe Average security assumes to be valid because it is state of the art.
Re:Well then, (Score:2)
Re:Well then, (Score:5, Interesting)
It's a common failure that occurs in these scenarios.
As part of my research on driver's licensing issues, when states added photos to driver's licenses (starting in the late 60's) the word "fraud" never entered the picture. Driver's licenses were essentially fraud free documents before the photographs were added--so it really never entered anyone's mind that things would change once the document became more powerful/useful/trusted.
Re:Well then, (Score:5, Insightful)
Passport cloning isn't even the primary security concern here. Cloning a passport has become no harder or easier thanks to RFID. But identity theft will become much much easier.
Can I zap it? (Score:4, Interesting)
Couldn't one kill the RFID chip by putting the passport in a microwave oven for a minute?
I can't imagine the rubber-stamper at immigration control not letting me through because he can't read my RFID tag... I'm sure a good percentage of non-zapped passports would fail to scan for one reason or another. If enough people did it, then they just wouldn't be able to rely on them, period.
Re:Can I zap it? (Score:5, Interesting)
You make the invalid assumption that people at immigration desks are reasonable people - they are *not*. Some of them are little Hitlers with bad attitude, and the ones who aren't have their hands tied by the law - they have no discretion at all. If the law says you can't enter without a working chip, the immigration officer (even the world's friendliest and most reasonable one) has no choice but to deport you. Just as they would deport you if your passport photo was mutilated.
(I'll make one exception for the little Hitlers - one notable aberration is Houston's immigration desks - those people are polite and make you feel welcome to the United States - truly refreshing to get to an immigration desk where it isn't just stony faces and demands to see that you have a return plane ticket. I frequently travel through Houston and they've always had good people there. Dallas Ft.Worth on the other hand - I will never travel through that airport again).
Re:Can I zap it? (Score:4, Insightful)
What will happen if my Electronic passport fails at a port-of-entry?
The chip in the passport is just one of the many security features of the new passport. If the chip fails, the passport remains a valid travel document until its expiration date. The bearer will continue to be processed by the port-of-entry officer as if he/she had a passport without a chip.
Re:Well then, (Score:3, Insightful)
I disagree. It's pretty good security. It does have one flaw, that there's not enough entropy in the MRID (the info printed on the inside that is needed to authenticate to the chip) which makes brute force searches too easy, but if that flaw were fixed, I would call it very good security.
Re:Well then, (Score:3, Funny)
I see you must be new here.
Re:Well then, (Score:2)
Re:Then why put it on? (Score:5, Insightful)
Re:Then why put it on? (Score:2)
Re:Then why put it on? (Score:3, Informative)
Apply for a bank account/credit card... identity theft stuff. A passport is prime ID. I believe you can do as much with it as with a birth certificate (probably more since you cannot use a birth certificate to get back into the U.S. by air and soon by ground as well). In fact, I wouldn't doubt that you could order a duplicate birth certificate with it... or maybe go to a social security office with it and claim you lost your SSN card and would like to know the number. You could probably cause a lot of problems. Or if you were a terrorist from say Iran, you could fake a U.S. citizenship and get into the country without a hassle. Theft of someone's identity is very serious.
And if they mess up the systems dealing with passports when they become required for all entries to the U.S. including ground entry from Mexico and Canada (and they *will* be required, it was just delayed for a year for ground crossings) there could be a HUGE impact. They are America's two biggest trading partners accounting for something like half of all foreign trade (Canada is the U.S.'s biggest trading partner... Mexico I believe is a close second and maybe soon to pass the Canadians). What if, for example, the trucks all of a sudden couldn't roll across the border because the drivers' passports were messed up (in either direction by the way... what American driver is going to want to leave if he/she can't get back in)?
Was the Home Office spokesman an idiot? (Score:5, Insightful)
Something is just wrong with the UK's Home Office. Today I read that they will now classify panty thieves as sex offenders [sundaymirror.co.uk], receiving the same long-term classification on the sex offenders' registry as child abusers, rapists, and child pornographers.
and if your name is written on said panties (Score:3, Funny)
Re:and if your name is written on said panties (Score:5, Funny)
ob Simpsons:
Skinner: Oh, it's a miracle no one was hurt.
Otto: I stand on my record - fifteen crashes and not a single fatality!
Lou: Let's see your license, pal.
Otto: No can do. Never got one. But, if you need proof of my identity, I wrote my name on my underwear... Oh wait, these aren't mine!
Skinner: Well that tears it! Until you get a license and wear your own underwear, mister, you are suspended without pay!
Re:Was the Home Office spokesman an idiot? (Score:5, Funny)
Thank God stealing a bra is still ok...I was worried for a second there.
Re:Was the Home Office spokesman an idiot? (Score:3, Funny)
Re:Was the Home Office spokesman an idiot? (Score:2)
Alternatively, you could just lose some weight.
Re:Was the Home Office spokesman an idiot? (Score:2)
So no, they would not be able to access confidential information like credit card numbers. And I'm really curious why you think a British passport would have a social security number.
Re:Was the Home Office spokesman an idiot? (Score:4, Funny)
Re:Was the Home Office spokesman an idiot? (Score:4, Insightful)
Re:Was the Home Office spokesman an idiot? (Score:2)
Says who? Paranoid politicians bent on reelection through spreading fear? Police chiefs who want more power?
If you want to trust your children, the most precious thing you have, to someone then you don't want them to have ANY record.
You also have a responsibility: not to turn your children into paranoid imbeciles before loosing them on society, and it looks to me like you're failing. Besides, under what circumstances do you have to "trust" your children to anyone? Both my parents were working, but growing up, I don't remember ever being left in the care of any strangers in situations where I could have been abused or harmed. Maybe you're simply a bad parent.
And maybe we should throw constitutional rights out the window for the sake of the children and take away all children from their parents at birth; after all, a large percentage of child abuse and molestation happens at the hands of family members. Think of the children! We need to protect them from this danger!
Re:Was the Home Office spokesman an idiot? (Score:5, Insightful)
Only a tiny fraction of the people who are being branded second class citizens for life, and being subjected to a lifetime of harassment and violence at the hands of vigilantes, did anything remotely like rape or molestation. Most committed only voluntary, consensual sex acts with people their own age.
Sex offender lists, and their sister paranoia law enforcement, Do Not Fly list, are part of our society's current irrational, paranoid, fear of boogie men - being afraid of sex offenders or terrorists depending on where you live and your political beliefs. Personally, I am far more disturbed by the people who believe their friends or neighbors are all devious sexual predators lurking to rape their kids - If anything I would be far more worried about the guy who is constantly paranoid of sex offenders (ala Mark Foley), than I would the college football players who get arrested doing a panty raid on the girls' sorority. Or I would be far more frightened of the people who think everyone named "Mohammed" may be a terrorist, than I would be of someone named "Mohammed" sitting next to me on a plane.
Maybe read Arthur Miller's "The Crucible" ( http://en.wikipedia.org/wiki/The_Crucible [wikipedia.org] ) to get a good idea of the sort of Moral Panic ( http://en.wikipedia.org/wiki/Moral_panic [wikipedia.org] ) our society is in today.
Re:Was the Home Office spokesman an idiot? (Score:2)
Re:Was the Home Office spokesman an idiot? (Score:2)
In other words, "If everybody else does it, then it is OK for us to do it."
What a perfect example of exactly that kind of "cop logic" used to justify the thin blue line that promotes the distrust that the GP expressed.
Re:Was the Home Office spokesman an idiot? (Score:5, Insightful)
Re:Was the Home Office spokesman an idiot? (Score:2, Insightful)
Some people might just like to steal people's underwear, because they think it's a funny thing to do. (Though of course, yes, there are some people who... really like underwear.)
Re:Was the Home Office spokesman an idiot? (Score:3, Insightful)
So someone who steals a magazine (or an online porn account) for the purpose of getting a sexual thrill should be classified as a sex offender?
Oh is it only because the victim felt violated? What if a mugger looks "strangely" at a lady after taking her purse and other valuables (ID, camera phone etc) but lets her go, and she feels violated? Should the mugger be classified as a sex offender too?
Or what if the mugger got a sexual thrill out of her photos?
Sure motive is important, but I think people should be a bit careful before they start creating the Ministry of Thoughtcrime.
Re:Was the Home Office spokesman an idiot? (Score:4, Insightful)
Says who? You? Heck, why don't we start arresting people for thought crimes, then?
In a nation of laws, people get punished for what they actually do, not for some prediction of what they might or might not do in the future. Apparently, you prefer to live in a totalitarian nation, in which the state can charge anybody with absolutely anything if they just so please.
In other news, bureaucrats develop sentience (Score:5, Insightful)
into place will steadfastly deny that anything is wrong until they are forced to do so, as agreeing that those are potentially high security risks would otherwise equate it with having to backtrack on what they previously approved, even though they were amply forewarned by many in the security-related field.
It's really about not losing face at any cost, lest people start questioning other methods they employ.
Human nature, really. Look no further than the voting machines controversy for parallels here in the US.
Z.
At least they can publish this... (Score:5, Interesting)
Thanks to a software he himself has developed, called RFdump, he downloads the passport's data onto his computer and then onto a blank chip.
How long would it take for some 3 letter agency to show up at their door in the US?
Re:At least they can publish this... (Score:2)
Blow it. First they'd have to prove you did it, and pray tell, if the thing is a perfect clone, then by definition there is not going to be a way that's 100% certifiably accurate to tell them apart. You will be 100% at the mercy of the justice system, and it has amply proved many times that it doesn't have a clue, and couldn't buy one if the money was appropriated for it.
I predict the first 100 cases that lead to an arrest, they will get the wrong person 99% of the time because he's the one identified by the cloned passport. If they have the cloned passport, and the real person still has his, some judge might get it but it'll be dicey. The innocent will still be out his life savings for attorney's fees.
This whole fscking RFID thingy was a product looking for a market and the proponents don't give a shit who they kill to get that marketshare. It's been a classic case of if you can't dazzle them with brilliance, then baffle them with bull shit. And so far all we're getting is bull shit because the dummies that authorize this crap believe the sales brochures are the word of God Almighty. I have a phrase I apply to such people and it's not printable in mixed company.
If they handed me one of those things, I'd probably take a hammer to the chip just to make sure it didn't work. There is enough crap on the back of my driver's license, but at least it's not copyable without me handing it to them as it's a highly compacted barcode.
--
Cheers, Gene
completely ignores the point (Score:2)
Even if the info on the chip is just the same as what's printed in plain sight as they say... it's still defeating one of the security measures in short shrift. How is that not a concern? The fact that the electronic portion of it can be read and copied without actually needing the item (just need to be near it) is a great concern.
Also, the article states that the key to some encrypted information on the chip is something that's printed, in plain sight, on the passport... oh man.
It's a scary world when those who are old and have little clue about technology (the politicians) are told they need a high tech solution to a security issue. They hear a buzzword (RFID) and tell their people "Get something that used RFID into market STAT!"
Plus, I bet they don't even know what STAT means.
Re:completely ignores the point (Score:5, Insightful)
Careful. The hippies used to complain about how all the old farts in power didn't have a clue back then. Now they're running things, and look where we are. I shudder to think about what the world will be like when it's YOUR turn...
Re:completely ignores the point (Score:2)
As Billy Connolly so aptly said once "The desire to be a politician should automatically disqualify you from ever being one" (Quoted from memory, may be paraphrasing)
Re:completely ignores the point (Score:2)
See: http://www.quotationspage.com/quote/27540.html
Re:completely ignores the point (Score:2)
Re:completely ignores the point (Score:2)
It's conceivable that both said the same thing, in their own way, with no influence from the other. From The Restaurant at the End of the Universe (emphasis mine):
Words of wisdom!
Re:completely ignores the point (Score:2)
Re:completely ignores the point (Score:2, Funny)
Of course they do, many of them are so old, Latin was probably their mother-tongue.
Re:completely ignores the point (Score:3, Insightful)
Well, the key needs to be printed somewhere on the passport.
The big, huge security hole though, is that the key is made up of the passport number, the date of birth of the holder, and the expiry date, none of which are hard to come by. For example, the postman delivering your new passport can probably find your date of birth (when did you last get a birthday card?), and can make a pretty good guess as to when it expires (10 years plus or minus a few days), so if he can guess what the passport number is, then he can read and clone your passport without even opening the envelope!
I don't know what idiot dreamed up using that particular data as the 'secret' key, they deserve to be shot. Why not make the key some random digit string, printed inside the passport in machine-readable text? Then it would at least be impossible to read the passport without opening it.
Re:completely ignores the point (Score:3, Insightful)
Off the top of my head (might be missing something obvious), by forcing the key to be made up of useful data, it becomes impossible to divorce the key from the holder's identifying information, as printed on the passport. By requiring the operator to enter the user's data as part of the key to decode the electronic data, it sort of requires that the printed data match the electronic data. Without this check, the operator would have to visually compare the two, which might make it slightly easier to attempt low-tech forgeries where the information doesn't actually match.
Of course, even if that were one of their reasons behind the design, that wouldn't excuse them from not mixing the passport holder's data with a random number in the manner you suggest.
Re:completely ignores the point (Score:2)
See my other reply to the GP, the security hole is that the key is made up of information that is not single-purpose. The expiry date of your passport, your date of birth, and your passport number. None of these are particularly secret, and someone could obtain them without arousing any suspicion and read the passport from your pocket (or the envelope it was posted in....).
If, alternatively, the key was some random string that was ONLY used for the key, then (1) it wouldn't be possible to guess it without opening the passport, and (2) it would be hard for someone to get the key without attracting interest.
The receptionist at the youth hostel asking for your passport number, expiry and date of birth is not suspicious - indeed in some countries they are required to collect this information anyway. Then the bad guy doesn't even need to see your passport, it can be cloned while it remains in your back pocket. On the other hand, if the key was some random string then it would be a bit harder for the bad guy to obtain (although still not too hard).
The new passports probably make it very difficult, if not impossible, to copy/steal a passport and substitute a different photo. But it sounds like they are ridiculously easy to clone, so instead of taking at minimum a few minutes with physical access to the passport, it now takes a few seconds with a remote scanner. If the bad guys work somewhere where lots of people are passing by (the reception of a youth hostel, for instance!), they can just wait until someone goes by who looks similar to the person they want the fake passport for. This is much harder to detect.
I can see this as leading to a big push for more biometrics, in fact. "The terrorists have started cloning passports of similar looking people, to stop this we need to put your fingerprints and iris scan on the passport too!". Was this always the plan?
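To put numbers on the key material discussed in the comments above (passport number, date of birth, expiry date), here is an added example that is not part of any post in this thread: it builds the MRZ key input with its check digits, derives the Basic Access Control keys the way ICAO Doc 9303 describes, and estimates how many bits of guessing work remain under different issuing practices. The specimen field values and the candidate counts in `SCENARIOS` are constructed assumptions.

```python
import hashlib
import math

def char_value(c):
    """MRZ character value: digits as-is, A-Z map to 10..35, filler '<' is 0."""
    if c in "0123456789":
        return int(c)
    if c == "<":
        return 0
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    raise ValueError(f"character not allowed in an MRZ field: {c!r}")

def check_digit(field):
    """Weighted sum with repeating weights 7, 3, 1, reduced modulo 10."""
    weights = (7, 3, 1)
    return str(sum(char_value(c) * weights[i % 3] for i, c in enumerate(field)) % 10)

def mrz_information(doc_number, birth_yymmdd, expiry_yymmdd):
    """Document number (padded to 9), birth date and expiry date, each with its check digit."""
    doc = doc_number.ljust(9, "<")
    return (doc + check_digit(doc)
            + birth_yymmdd + check_digit(birth_yymmdd)
            + expiry_yymmdd + check_digit(expiry_yymmdd))

def _odd_parity(key):
    """Set the low bit of every byte so each byte has odd parity (DES key convention)."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        out.append(high7 | (0 if bin(high7).count("1") % 2 else 1))
    return bytes(out)

def derive_bac_keys(mrz_info):
    """K_seed = first 16 bytes of SHA-1(MRZ information); K_enc and K_mac use counters 1 and 2."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]
    def kdf(counter):
        return _odd_parity(hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()[:16])
    return kdf(1), kdf(2)

def keyspace_bits(doc_numbers, birth_dates, expiry_dates):
    """log2 of the number of (number, birth date, expiry date) combinations left to try."""
    return math.log2(doc_numbers * birth_dates * expiry_dates)

# Constructed scenarios: candidate counts for (document number, birth date, expiry date).
SCENARIOS = {
    # uniformly random 9-character alphanumeric number, any birth date in 100 years,
    # any expiry date in a 10-year validity period
    "alphanumeric": (36 ** 9, 36525, 3652),
    # same, but the issuer only uses digits in the document number
    "numeric": (10 ** 9, 36525, 3652),
    # the thread's postman case: birth date known, expiry within a week of
    # "today plus 10 years", sequential numbering narrowed to a million candidates
    "narrowed": (10 ** 6, 1, 7),
}

def scenario_bits():
    return {name: keyspace_bits(*counts) for name, counts in SCENARIOS.items()}

if __name__ == "__main__":
    # Specimen values, not a real passport.
    info = mrz_information("L898902C", "690806", "940623")
    k_enc, k_mac = derive_bac_keys(info)
    print("MRZ information:", info)
    print("K_enc:", k_enc.hex(), "K_mac:", k_mac.hex())
    for name, bits in scenario_bits().items():
        print(f"{name:>12}: about {bits:.1f} bits")
```

The keys are 16 bytes long, but the work needed to guess them is bounded by the entropy of the three printed fields, which is the point the posters above are making about a dedicated random string.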
Open Rights Group - Biometric passport (Score:5, Informative)
Re:Open Rights Group - Biometric passport (Score:3, Interesting)
There is a huge difference, I keep posting this but nobody seems to get the point: the walmart RFID chips have zero crypto, but the passport, payment cards have a ton of crypto. You can't just dump their contents.
The government calls them contactless smart cards because that is what they are, of course the media and everyone else uses the blanket term "RFID" to refer to all of it and works themselves up into a frenzy while not understanding the characteristics of the technology.
This is all FUD (Score:2)
The point of the RFID passport et al is to be able to verify it's genuine. You wave the passport at a border, it summons the electronic version and a check can be made that they match - i.e. verifies that somebody hasn't inserted an alternate photo etc.
If the RFID is just containing a serial number - then why not just use a barcode etc. If passport is broadcasting full details including photos, then the crack that's interesting is if somebody concocts their own passport - and then gets it recognized as a fully signed valid one.
Seeing as most passport fraud is just a genuine one, obtained by a similar looking (or even using the photo of the person going to use it), non-travelling person - then all these schemes are pointless. The weakest link is right at the start with the passport application process. The person who issues your passport hasn't got the slightest clue who you are - and as passports by their very definition are international, if you have trouble getting one in one country, you can just try from another.
Re:This is all FUD (Score:2, Interesting)
Not when it's in my pocket.
I can't believe how juicy this is. Imagine being able to get your dirty fingers on the theft prevention system at the doors of a department store. Just a slight modification of the frequency and code, and let the harvesting begin.
and at best you'll end up with thousands (Score:3, Insightful)
huh? (Score:5, Insightful)
If no one would want to access that information, then why is it on the chip? Why even bother with the chip? Why even bother with the information?
Re:huh? (Score:2)
Re:huh? (Score:3, Informative)
And the problem is... (Score:3, Interesting)
Cheers,
-b.
Re:Or maybe there should be no database? (Score:3)
Ok, but the fact is that we *already* have a lot of pissed-off people wanting to fuck the "West" in any way they can. We do want to prevent them from entering our countries and doing harm. Far better to stop them at the borders rather than enacting Draconian *internal* security measures to protect against terrorism. And, BTW, there's already a database of passport data (at least in the US) - even in the 80s when I was traveling with my family as a kid, I remember seeing the passport inspectors at JFK keying passport numbers into a terminal.
From a privacy standpoint, a robust passport security system is at the very bottom of my list of worries, as long as the passport is only used as a legitimation for foreign travel.
-b.
Re:Or maybe there should be no database? (Score:2)
No need to make it easier for them, though. By your logic, nations shouldn't even *try* to stop foreign criminals from entering their borders? Internal ID cards, etc, are a separate issue that isn't being discussed here, and good external security reduces the need for internal clampdowns.
-b.
If this happened in the 3rd world... (Score:2)
"What do you expect?" "It's the 3rd world."
They need more "technical assistance" from us who are more developed.
But I am not surprised, after all the US, which is the "most technically advanced" country in the world, cannot secure its borders. But is it?
Re:If this happened in the 3rd world... (Score:2)
I knew that, and I'm from Pennsyltucky!
Re:If this happened in the 3rd world... (Score:2)
The Solution is Obvious (Score:5, Funny)
why indeed? (Score:3, Insightful)
a simple way to correct cluelessness (Score:3, Informative)
I think it's time someone cloned his passport and got busted importing drugs or weaponry or child porn or similar while on that passport. Hell, he's probably got a diplomatic passport == no search. Pure gold to anyone wanting to move anything *really* profitable.
Re:a simple way to correct cluelessness (Score:2)
Isn't that the point of the biometric data/electronic photo - to make cloning the passport more difficult since the data in the chip has to match the person. If the bio. data is encrypted with a private key, the forger would have to know that key before forging the passport. They could even use, say, 10,000 different private keys to encrypt depending on the value of a hash of birth year, eye color, height, name, etc, so that one private key leaking won't spoil security for everyone's passport.
-b.
Re:a simple way to correct cluelessness (Score:2)
Having said that, from the article: "Now for the clever bit. Thanks to a software he himself has developed, called RFdump, he downloads the passport's data onto his computer and then onto a blank chip. Using a standard off-the-shelf component you can just buy at a component store you can have a cloned ePassport in less than five minutes. When the cloned ePassport is read and compared to the original one it behaves exactly the same."
It's not exactly a high-tech article, and the reporter definitely sounds a bit credulous, but as I recall the original argument was that duplicating the rfid was essentially impossible due to the kind of reasons you suggest. The article suggests that this argument is a nonsense, and that there may be other security holes as well ("the key to unlocking the passport's chip consists of details actually printed on the passport itself") which may weaken or invalidate other core aspects of the putative security model.
Tinfoil (Score:2, Informative)
BRB, I'm making a tinfoil hat for my passport, so it matches mine.
The proper response is... (Score:5, Insightful)
The proper response to that spokesman is "Well then, you won't mind lending us your passport for a minute, so we can copy it and put copies on sale in <district with notorious reputation>, will you?".
Some politicians simply need the problem made their personal problem before they'll see it.
China (Score:2)
But then, some politicians simply need their lives ended so someone else can see it.
How about a switch (Score:2, Interesting)
I can't imagine it being that hard in theory, although devising a reliable and rugged switch may be a bit more challenging.
Still, I bet it could be done, and it pretty much eliminates all the concerns about people reading the chip without your permission.
Imagine this scenario (Score:2)
Alternatively, imagine a government putting monitoring devices in public places, or at the entry ways to residential buildings, and tracking when/if people of certain profiled countries are congregating.
The technology makes me feel assured (Score:2)
What I worry about is a working hack that allows people to insert a different photograph into the information on the chip. There is no border guard in the world who will reject a passport if his electronic scanner shows the photo of the person standing in front of him.
In the "old days" a passport could have had a new photo glued over the top. These could be spotted and rejected. Any new hacks that had a glued-over photo that corresponded with the pic in the RFID chip, would be far less likely to be picked-up. Guards would believe it, because the technology would convince them the passport was genuine.
In any case, we may get to the situation where nobody would look anyway. I came through the gates of Melbourne Airport in Australia a few days ago with my ePassport. I was told by a border guard that soon I would be able to "check myself in" using the passport, without needing to see a border guard.
Comment removed (Score:3, Insightful)
The technology used (Score:4, Informative)
Many people here seem to make claims on RFID security without knowledge of the technology actually used. I have done some research on the subject so I think I can give some pointers. Details about the technology can be found at ICAO's web page [icao.int] and in a short presentation on the subject by Jacobs/Wichers Schreur [utwente.nl].
The communication between the passport and the reader is encrypted using information in the Machine Readable Zone at the bottom of the passport. This is the basic way to authorize passport reading. The MRZ information is generated from the information of the passport holder and random numbers. If a bad numbering scheme [whatthehack.org] is used, breaking the encryption is quite possible. If large enough random numbers are used, breaking the encryption with brute force is currently not practical.
The authentication is done using public key cryptography. Currently only Passive Authentication is mandatory, but Active Authentication is supported and it is mandatory when fingerprint information is contained in the passport. With only Passive Authentication, cloning of an MRZ-compromised passport is easy, but with Active Authentication it should be unfeasibly difficult.
Reading and cloning a European RFID passport which is using all available security measures (like the e-passports in Finland) is not as trivial as many people here seem to think. As long as there are no backdoors in the cryptography (e.g. for the intelligence agencies) I think the technology is quite sound. Not using all available cryptography is just a bad choice by the government issuing the passports.
The scheme in TFA is nothing new and nothing revolutionary. If you have physical access to a passport with only Passive Authentication, cloning is trivial, as pointed out in TFA. This is actually how the technology was designed to work. Maybe the design is bad, but that is hardly a big surprise, since the technology is a compromise between many organizations and governments. When someone clones a passport which has Active Authentication, then that is real news.
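The comment above ties the strength of the access key to how unpredictable the MRZ fields are. The following is an added example, not part of the original post or of ICAO's text: it builds the MRZ information string and the Basic Access Control key seed as ICAO Doc 9303 defines them, then compares the size of the input space under random and predictable numbering. The function names are my own, and the figures for the weak case are constructed assumptions.

```python
import hashlib
import math

WEIGHTS = (7, 3, 1)  # ICAO 9303 check-digit weights, repeated across the field


def char_value(c):
    """MRZ character value: digits as-is, '<' filler = 0, A..Z = 10..35."""
    if c.isdigit():
        return int(c)
    return 0 if c == "<" else ord(c) - ord("A") + 10


def check_digit(field):
    """Weighted sum of the character values, modulo 10."""
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10


def mrz_information(doc_no, birth, expiry):
    """Document number, birth date and expiry date, each followed by its check digit."""
    fields = (doc_no.ljust(9, "<"), birth, expiry)
    return "".join(f + str(check_digit(f)) for f in fields)


def k_seed(doc_no, birth, expiry):
    """Access key seed: first 16 bytes of SHA-1 over the MRZ information."""
    info = mrz_information(doc_no, birth, expiry).encode("ascii")
    return hashlib.sha1(info).digest()[:16]


def seed_entropy_bits(doc_numbers, birth_days, expiry_days):
    """Upper bound on key entropy: log2 of the number of distinct MRZ inputs."""
    return math.log2(doc_numbers * birth_days * expiry_days)


# Specimen document used in ICAO Doc 9303's worked example.
SPECIMEN = ("L898902C", "690806", "940623")

# Random 9-character alphanumeric numbers, 100 years of birth dates, 10-year validity.
STRONG = seed_entropy_bits(36 ** 9, 36525, 3652)
# Constructed weak case: numbers issued in sequence so that only about 10,000
# remain plausible, holder's age known to within 10 years, 5-year validity.
WEAK = seed_entropy_bits(10 ** 4, 3650, 1826)

if __name__ == "__main__":
    print(mrz_information(*SPECIMEN), k_seed(*SPECIMEN).hex())
    print(f"random numbering: {STRONG:.1f} bits, predictable numbering: {WEAK:.1f} bits")
```

Both figures sit well below the 112 bits of the two-key 3DES keys derived from the seed, which is why the issuer's numbering scheme, not the cipher, sets the real strength.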
RFID is absolutely TERRIBLE for security (Score:5, Insightful)
No one is claiming that magnetic stripes and/or bar codes are bad for security. In both cases they make it very marginally harder to copy and virtually eliminate data-entry errors. RFID has a BIG problem beyond that: It can be read without the knowledge of the holder.
No one can read the inside of my paper passport without me giving it to them - nor my magstripe nor bar code. I have complete control over who sees it. Sure, I might be conned into showing someone, but they have to con me. RFID means that:
1. They can copy my information without me ever showing it to them.
2. They can READ my information without me ever showing them, allowing them to identify me from a distance.
3. Even with a perfectly random RFID system, they can identify your nationality from afar, which obviously may make you a target in some circumstances.
To be SAFE, an RFID system must have a) zero emissions in the closed state (eg a tested foil cover) AND b) No non-random information broadcast from the chip. (that is, a random passportID that is broadcast that has NO other information until you look it up in the appropriate database.)
"b" is necessary because "a" alone still allows someone nearby you to snoop whenever you have to show your passport somewhere.
Re:RFID is absolutely TERRIBLE for security (Score:4, Insightful)
- That person is carrying a passport
- Someone with a passport is probably a tourist
- A tourist would normally need to carry largish amounts of cash
- So let's mug them or double our prices.
If you're a tourist in another country, the LAST thing you would normally want to do is advertise that fact.
Re:RFID is absolutely TERRIBLE for security (Score:5, Funny)
Re:RFID is absolutely TERRIBLE for security (Score:3, Interesting)
For whatever reason, this brought to mind part of one of Laurie Anderson's song/stories from her "The Ugly One with the Jewels" album:
Re:RFID is absolutely TERRIBLE for security (Score:2)
Re:RFID is absolutely TERRIBLE for security (Score:2)
Re:RFID is absolutely TERRIBLE for security (Score:4, Informative)
1) Simple RFID chips that can be scanned and read by anyone
2) Contactless smart cards (ISO 14443 etc), with crypto
Both use the same frequency band and similar hardware, but they are different beasts: one has crypto and the other doth not.
Identity information can be put on a contactless smart card but depending on how it is implemented (hopefully securely) you probably will NEED A KEY otherwise the crypto will prevent access. Take a wireless payment card or credit card (#2 category) for example. You can't just read/dump the bank account numbers on it. There is a crypto protecting the data.
On the other hand, Walmart uses the non-crypto RFID chips. Yes, you can just read the info on them; there is no encryption.
So when you say "RFID is terrible for personal security" you're right, RFID (#1 above) is completely inappropriate for privacy. But contactless smart cards (#2 above) are totally appropriate, and the passports use #2.
Re:RFID is absolutely TERRIBLE for security (Score:4, Interesting)
The fun thing is that the moment the standard was created, everyone said that this is going to be a field day for the press when the first researcher figures out that the keys are so weak. The day has arrived.
In reality the issue is blown out of proportion: the epassport is not that much of a privacy issue. Tourists can be spotted from a mile away simply by the way that they look and walk, and the smart tourist will leave the passport in the hotel safe anyway, carrying only a photocopy with him. You are in far more trouble if your passport gets stolen than if it gets copied: if you do not have your passport, dealing with any authorities in a strange country is going to be a problem, whereas if your passport gets copied, you still have the original.
Also, forging a passport is no easier than before - in fact, getting the digital and the physical passport data to match becomes a lot harder with the epassports. Reading something does not mean you can change it and write it back, as surely is well understood by anyone familiar with digital signatures.
Re:RFID is absolutely TERRIBLE for security (Score:2)
Re:RFID is absolutely TERRIBLE for security (Score:3, Interesting)
The problems with passports can be much more subtle, so I wouldn't count on the fact that adding the same data in RFID mode didn't do anything else than just have some redundancy to prevent reading errors.
A little tale from my experience: We were flying to Brasil from Lisboa with a flight that was first landing in Natal, and then flying to Recife. For some reason we never spotted an immigration office. I don't know if we were supposed to step out in Natal, get immigration stamps in the passport and then go back to the plane (the flight from Natal to Recife was domestic, because new passengers were boarding to Recife), or if we were supposed to look for immigration at Recife Airport. We didn't, and nobody seemed to care. When we were trying to leave Brasil three weeks later, the officer at border control pointed out that we were missing the immigration stamps. We were arguing, telling the story, he was insisting on immigration stamps. In the end he just pointed us to the gate, telling us "Nao entrada, nao saida" (No entrance, no exit), meaning "You have never been here, and you have never left."
A similar occurrence was when I was cycling with a group through the then still existing Czechoslovakia. We entered through the Polish-Slovakian border, and everyone got his passport stamped. We were leaving a week later through the Czech-German border, and the officials were just stamping the list of all members of the group. A few weeks later I was again with the bicycle in Czechoslovakia, and I got controlled by the normal police about 30 km from the border, and the police got suspicious of me because I had two immigration stamps, but no exit stamp. So looking from the papers I had entered twice without leaving once. The patrol took me to the office, and then they phoned around for 1 1/2 hours, before just setting me free around midnight, when the train I was planning to take to Prague had just left.
What I am trying to say: Whenever some inconsistencies come up with your passport, they aren't mitigated by having RFID chips somewhere. No one actually cares about this type of redundancy. Immigration officers are humans only, and errors will occur, and most of them will not be solved by looking at RFID chips, but in the end by reluctance of the powers in charge to press any further because it is late, because they don't want hassle or because it's easier to pretend nothing had happened. Given U.S. immigration procedures it will probably be solved by just handing persons like me to indefinite detention without access to legal counsel. Because Electronics is always right, and if not, lock up everyone not hiding fast enough.
Re:RFID is not for security (Score:2)
Of course it can be. All you'd need to do would be to somehow zap the old RFID and attach another one in an inconspicuous fashion - possibly somehow inject it into the edge or the paperboard cover. Either that, or have a transmitter (concealed in a cell phone?) that happens to transmit the correct data at higher power when the passport is swiped. To activate it, pretend to scratch your leg.
But, same as before, the passport # keys to a database of passport data, so (at least some) immigration inspectors will be able to verify the authenticity of the thing to some extent at least.
-b.
Re:RFID is not for security (Score:3, Interesting)
Before the goons come to get me!! I'll say I know NOTHING about these new passports beyond what's on slashdot. I got no expertise in RFID beyond looking at it. A good security system should have something in place to prevent this sort of "cloning" attack... you'd hope like hell that somebody's thought about this!!! and they don't just send the goons to cover it up.. after all, that's the new policy for scientific reports now... and has been the policy for security reports since 9/11.
Re:RFID is not for security (Score:2, Funny)
Re:Could someone address the points raised? (Score:2)
Not really. I'm sure RFID writers are cheap enough for those who "need" them anyway to afford them. The biometrics afford the security. You could have (say) a retinal scan or a point map of a face saved in the RFID chip and encrypted with a private/public key algorithm. The agency encodes it with a private key in a secure location. Then they decrypt it with a public key. Without knowing the private key, it'll be harder (nothing is impossible) to alter the bio. data. Also, keep the *same* data in a database. Not all border posts will have connection to the database, but with those which do, you can use the passport number to pull the database contents to see if the passport has a valid record backing it.
-b.
Re:Could someone address the points raised? (Score:2)
With a skillful forgery or alteration, one could just insert a new chip, no?
-b.
Re:encrypted data is printed on the passport anywa (Score:2)
Re:encrypted data is printed on the passport anywa (Score:2)
Do you travel? I ask because I do, and I would like to see a "$20 pick-pocket" take my passport. I don't exactly carry it where this would be possible. And when I'm not carrying it, it's usually in a hotel safe. I tend to want to be able to get back into my country, so I'm careful like that.
Putting an RFID chip on it changes this game. Unless I have a cage around it, the inside pocket of my jacket and the hotel safe no longer provide any security for the information contained therein.
And the idea that "The information printed on the passport is the same" doesn't really hold water. People doing menial jobs are, generally, lazy/inattentive. For example, my wife and I have credit cards that are the kind with your photograph printed on them. I've tried this a number of times (because I'm silly like that), and it has only failed once - I'll take her card and use it (without her with me or in view). Except for *one* time, I've never had a problem using her card. Never mind that the picture on it obviously isn't me, the name on the card isn't right, and the signature certainly doesn't match.
The only way this passport RFID thing would work is if they actually came up with a worldwide system and simply encoded an ID number into the passport. You wave your passport in front of the reader, and up on the computer screen pops your picture, info, etc. from the database. The passport simply becomes a record number, with no actual information on/in it.
Of course, this also assumes a computer/database/network system that can not be hacked
- Roach
Re:Shielding? (Score:3, Informative)
Google is your friend.
http://www.google.com/search?q=passport+faraday+c
- Roach
Re:Shielding? (Score:2)
In other words, wrap it in tin foil. (If you want to get fancy, you can buy material with a conductive grid embedded in it, but not having used any I can't vouch for it. Should work in theory.)