funsec mailing list archives
UK Fakeproof e-passport is cloned in minutes
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Thu, 7 Aug 2008 10:46:00 -0800
http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece In the tests, a computer researcher cloned the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports. There is provision for key codes to be checked against an international Public Key Directory (PKD) code system data-base. But only ten of the forty-five countries with e-passports have signed up to the system, and only five are using it. Britain is a member but will not use the directory before next year. Even then, the system will be fully secure only if every e-passport country has joined. Some of the 45 countries, including Britain, swap codes manually, but criminals could use fake e-passports from countries that do not share key codes, which would then go undetected at passport control. Using his own software, a publicly available programming code, a £40 card reader and two £10 RFID chips, Mr van Beek took less than an hour to clone and manipulate two passport chips to a level at which they were ready to be planted inside fake or stolen paper passports. The tests also raise serious questions about the Governments £4 billion identity card scheme, which relies on the same biometric technology. ====================== (quote inserted randomly by Pegasus Mailer) rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org Encryption protects our national security ... Encryption plays a critical role in our entire communication system, and to require that a backdoor be built into that system is just an incredibly dangerous thing to do. - Bob Goodlatte (Republican) victoria.tc.ca/techrev/rms.htm blogs.securiteam.com/index.php/archives/author/p1/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- UK Fakeproof e-passport is cloned in minutes Rob, grandpa of Ryan, Trevor, Devon & Hannah (Aug 07)