UK Passport RFID Cracked

Three million Britons
have been issued with the new hi-tech passport, designed to frustrate
terrorists and fraudsters. So why did Steve Boggan and a friendly
computer expert find it so easy to break the security codes?

“The Home Office has adopted a very high encryption technology
called 3DES – that is, to a military-level data-encryption standard
times three. So they are using strong cryptography to prevent
conversations between the passport and the reader being eavesdropped,
but they are then breaking one of the fundamental principles of
encryption by using non-secret information actually published in the
passport to create a 'secret key'. That is the equivalent of installing
a solid steel front door to your house and then putting the key under
the mat.”

Within minutes of applying the three passports to the
reader, the information from all of them has been copied and the
holders' images appear on the screen of Laurie's laptop. The passports
belong to Booth, and to Laurie's son, Max, and my partner, who have all
given their permission.

Booth is staggered. He has undercut
Laurie by finding an RFID reader for £174, which also works. “This is
simply not supposed to happen,” Booth says. “This could provide a
bonanza for counterfeiters because drawing the information from the
chip, complete with the digital signature it contains, could result in
a passport being passed off as the real article. You could make a
perfect clone of the passport.”

From The Guardian.

Advertisements

Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek. http://linkedin.com/in/xavierashe

0 thoughts on “UK Passport RFID Cracked”

  1. Following criticism from computer security professionals and civil libertarians about the privacy risks posed by new RFID passports the government plans to begin issuing, a State Department official said his office is reconsidering a privacy solution it rejected earlier that would help protect passport holders’ data.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s