The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

UK Passport RFID Cracked

Posted by Xavier Ashe on November 17, 2006

Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?

“The Home Office has adopted a very high encryption technology called 3DES – that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat.”

Within minutes of applying the three passports to the reader, the information from all of them has been copied and the holders' images appear on the screen of Laurie's laptop. The passports belong to Booth, and to Laurie's son, Max, and my partner, who have all given their permission.

Booth is staggered. He has undercut Laurie by finding an RFID reader for £174, which also works. “This is simply not supposed to happen,” Booth says. “This could provide a bonanza for counterfeiters because drawing the information from the chip, complete with the digital signature it contains, could result in a passport being passed off as the real article. You could make a perfect clone of the passport.”

From The Guardian.


No Responses Yet to “UK Passport RFID Cracked”

  1. Anonymous said

    Following criticism from computer security professionals and civil libertarians about the privacy risks posed by new RFID passports the government plans to begin issuing, a State Department official said his office is reconsidering a privacy solution it rejected earlier that would help protect passport holders’ data.

