Saturday, February 04, 2006
Dutch RFID e-passport cracked -- US next?
From Engadget.com:
Read the rest of the article: Dutch RFID e-passport cracked -- US next? - Engadget
This is rather scary. It seems to me that this may be the one time that the good old fashion paper passport may be the better choice. Wait... I guess the paper passports are even easier to fake too. Ok, forget it, we're screwed either way. ¶ 1:27 PM
A Dutch television program "Nieuwslicht" recently worked with local security firm Riscure to successfully crack and decrypt a Dutch-prototype RFID passport. In this case, the data exchange between the RFID reader and passport was intercepted, stored, and then the password was cracked later in just 2 hours on a PC giving full access to the digitized fingerprint, photograph, and all other encrypted and plain text data on the RFID tag -- just perfect for slapping together a cloned passport, eh? The flaw, at least in part, is due to the algorithm used when generating the secret key to protect the data. The key turns out to be predictable given that it is sequentially issued and constructed from the passport expiry date, birth date, passport number, and checksum. But don't kick back in superior isolationism just yet kid. Starting October 2006 the US will issue all new passports using the same ISO 14443 RFID tag and Basic Access Control encryption scheme employed by the Dutch e-passports (and others) and adopted by the ICAO as global standards...
Read the rest of the article: Dutch RFID e-passport cracked -- US next? - Engadget
This is rather scary. It seems to me that this may be the one time that the good old fashion paper passport may be the better choice. Wait... I guess the paper passports are even easier to fake too. Ok, forget it, we're screwed either way. ¶ 1:27 PM
