I can’t seem to believe it. Are governments and National Security Agencies blind? E-Passports are becoming popular amoung a large no. of countries and it’s so easy to hack and clone, but no one has raised any concerns, Why ?
How E-Passports work? Why do we need them?
E-Passports are based on recent buzz of RFID. they broadcast some unique
id/information (theoratically) identifiable and understandable by only select Terminals put at airports.
In theory the RFID passports improve security and are faster to process.
The first is Ironical; the second not much better. Why?
What is faster are the new RFID chipped ID cards for border crossings: They broadcast their unencrypted info for 10 meters or more. Wow! Now that makes the HACKABLE!
E-passports not only threaten your personal safety traveling, the RFID chips are easy to clone and fake. How easy?
Here’s the picture of Elvis Presley’s e-passport on right (below).
The photo is taken from a passport scanner at a Dutch airport – no alarms or errors. But let’s look on the bright side: some salesman is making millions and some former bureaucrats have cushy gigs with RFID consultants.
The Hacker’s Choice, THC, has published a Tutorial on how to do it. The fake e-passport chip business is just starting. Future could be a mess! Government officials are you watching?
RFID finds other Applications <All Hackable>
And you know the nifty key Speed Pass that buys gas? They’ve been hacked too. But for the larcenous nothing beats RFID credit cards. They can be hacked for $8 from a foot or more away.
RFID are great for their original application: tracking goods in a warehouse. But they are horribly insecure for financial and identity applications.
Solution and Alternatives:
Their may be some workarounds for passports. One of them being: If the immigration agent’s terminal queried a central database that brought up a 2nd photo not on the passport, then we could be fairly certain that it wasn’t a forgery. Another alternative: optical – not radio – data storage and encryption. A bar code scanner on a microscope could read tiny barcodes embedded in your photo.
The point is that RFID passports, drivers licenses, credit cards and other identity documents are the worse Idea. We KNOW that techno-criminals are ripping off people on the web. Why won’t these same people move on to RFID when the economics make sense?
And when there are hundreds of millions RFID documents circulating, we won’t be able to issue a patch and fix the hole in a few weeks. No, these holes will be open for years. Let’s discourage our governments from proceeding further on this. Raise the awareness.
Source: ZDnet, Gemalto, THC
loading...
loading...
Hello,
Your article raised some questions that I hope you don’t mind answering.
I have been reading the DHS website on border control and it claims that two types of RFID enabled documents are used: vicinity (reads documents from 20 to 30 feet away) and proximity (reads documents only in close proximity).
I was wondering if either of these make a difference in the ease or difficulty of obtaining a person’s information.
DHS also claims that no personal information is stored on the RFID card itself, but in the border control’s database. Would that mean that someone would have to hack into the border’s database to obtain personal information?
Finally, I was wondering what kind of technology is or could be used to hack into the RFID enabled passports?
Thank you for your time.
loading...
loading...
20 to 30 feets are enough for anyone around you to hack.
I agree, no personal info is stored inside RFID, but it has certain things like UNIQUE-ID and the lame encryption algorithm which when broadcast, can be sniffed and hacked, and it can be used by some one else pretending to be you.
Technology to hack RFID isn’t expensive, tutorial is here: http://freeworld.thc.org/thc-epassport/
It should clear all your doubts
loading...
loading...