I can’t seem to believe it. Are governments and National Security Agencies blind? E-Passports are becoming popular amoung a large no. of countries and it’s so easy to hack and clone, but no one has raised any concerns, Why ?
How E-Passports work? Why do we need them?
E-Passports are based on recent buzz of RFID. they broadcast some unique
id/information (theoratically) identifiable and understandable by only select Terminals put at airports.
In theory the RFID passports improve security and are faster to process.
The first is Ironical; the second not much better. Why?
What is faster are the new RFID chipped ID cards for border crossings: They broadcast their unencrypted info for 10 meters or more. Wow! Now that makes the HACKABLE!
E-passports not only threaten your personal safety traveling, the RFID chips are easy to clone and fake. How easy?
Here’s the picture of Elvis Presley’s e-passport on right (below).
The photo is taken from a passport scanner at a Dutch airport – no alarms or errors. But let’s look on the bright side: some salesman is making millions and some former bureaucrats have cushy gigs with RFID consultants.
The Hacker’s Choice, THC, has published a Tutorial on how to do it. The fake e-passport chip business is just starting. Future could be a mess! Government officials are you watching?
RFID finds other Applications <All Hackable>
RFID are great for their original application: tracking goods in a warehouse. But they are horribly insecure for financial and identity applications.
Solution and Alternatives:
Their may be some workarounds for passports. One of them being: If the immigration agent’s terminal queried a central database that brought up a 2nd photo not on the passport, then we could be fairly certain that it wasn’t a forgery. Another alternative: optical – not radio – data storage and encryption. A bar code scanner on a microscope could read tiny barcodes embedded in your photo.
The point is that RFID passports, drivers licenses, credit cards and other identity documents are the worse Idea. We KNOW that techno-criminals are ripping off people on the web. Why won’t these same people move on to RFID when the economics make sense?
And when there are hundreds of millions RFID documents circulating, we won’t be able to issue a patch and fix the hole in a few weeks. No, these holes will be open for years. Let’s discourage our governments from proceeding further on this. Raise the awareness.
Source: ZDnet, Gemalto, THC