funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Passport cards called security vulnerability

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 16 May 2008 10:10:51 -0500
http://www.washingtontimes.com/apps/pbcs.dll/article?AID=/20080516/NATION/66
2238118/1001&template=printart

 

Article published May 16, 2008
Passport cards called security vulnerability

By Bill Gertz <mailto:BGertz () washingtontimes com> 
THE WASHINGTON TIMES - The State Department will soon begin production of an
electronic passport card that security specialists and members of Congress
fear will be vulnerable to alteration or counterfeiting. 

The agency has contracted with L-1 Identity Solutions Inc. to produce
electronic-passport cards as a substitute for booklet passports for use by
Americans who travel frequently by road or sea to Canada, Mexico and the
Caribbean. 

About the size of a credit card, the electronic-passport card displays a
photo of the user and a radio frequency identification (RFID) chip
containing data about the user. The State Department announced recently that
it will begin producing the cards next month and issue the first ones in
July. 

Security specialists told The Washington Times that the electronic-passport
card can be copied or altered easily by removing the photograph with solvent
and replacing it with one from an unauthorized user. 

James Hesse, former chief intelligence officer for the Immigration and
Customs Enforcement Forensic Document Laboratory, which monitors fraudulent
government documents, said the card should have been designed with a special
optical security strip to make it secure and prevent counterfeiting. The
selection of a card with an RFID chip is "an extremely risky decision," Mr.
Hesse said in an interview. 

"The optical strip has never been compromised," he said. "It's the most
secure medium out there to store data." 

Joel Lisker, a former FBI agent who spent 18 years countering credit-card
fraud at MasterCard, said the new cards pose a serious threat to U.S.
security. "There really is no security with these cards," he said. 

Mr. Lisker, a consultant to a competitor for the electronic-passport card
contract, said the State Department's selection of the RFID card shows it
favors speedy processing at entry points more than security. He charged that
the department "will not make changes until it is satisfied that compromises
are occurring on a regular basis." 

The State Department rejected a more secure card because it is "surrendering
to speed over security, essentially creating new vulnerabilities. ... It
will not take long for the bad guys to figure out which ports have
readability and which do not," he said. 

.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: