Hackers Clone E-Passport
mrops writes "I guess the skeptical Slashdot community always knew that e-passports are a big waste of time and money; now German security consultants have been able to successfully clone e-passports, even onto building access cards. FTA: 'The whole passport design is totally brain damaged,' Grunwald says. 'From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all.'"
But this unfortunately is not going to stop the governments from wasting money on them.
I just renewed my passport, hoping to get in before the "biometric" passports became mandatory in the UK (Not that there's actually *any* biometric data on them), but sadly I've ended up with an RFID chip embedded in the back page of my new one.
The booklet that comes with it helpfully suggests ways to damage the chip, such as microwaving it, but doing so will render the passport useless, unfortunately. Anyone know where I can get a good tinfoil wallet from?
Of course, that won't stop the mad bombers with their IEDs from detonating their bombs in the presence of an ePassport. The video from TFA shows yet another weakness in this crappily designed (i.e. vendor driven) system.
John
Now if we could only enable these RFID passports to download XML via SOAP on a Web 2.0 platform with XmlHttpRequest, Ruby on Rails would finally take off.
Execute? [Y/N] _
Now I can go make my own without all the hassle!
While the headline sounds scary, when you examine it closer, this isn't really surprising. The ability to copy the passport is not the issue here. The key point of the technology was to have the issuing government digitally sign the information contained in the passport. This means that a forger cannot simply tip-ex out the name and put in a new one ;-)
The article did not mention if the German passport contains bio-metric data. i.e. a digital copy of the photo.
This combined with a digital signature of the photo would make the system very secure indeed.
The passport inspector simply scans the data and compares the photo to the person standing before him.
I don't see how this "hack" compromises the security of the system, except in cases where the inspecting authority misuses or misunderstands the basis of security in the system.
There are only 10 types of people in the world. Those who understand binary and those who don't!
Our money.
To create a full passport it would therefore be necessary to clone the passport itself, physically alter the appearance of the picture to match yours and ensure all the data is consistent. That is, until the authorities decide that technology is foolproof and stop using visual checks in addition to the electronic ones, but I'm sure none of the high-up types in these industries would consider such an absurd notion.
So he cloned a passport. As in, a verbatim copy with the same name, date of birth, etc. He explicitly says that he _can't_ (at the moment) change his name, date of birth, etc, because of the hashes.
So his grand achievement is... what? That a fellow called John Smith could thus make a fake passport that still says John Smith?
Ah yes, so he could clone someone else's chip, if he can steal their passport, and place it on his own passport. Except now he has a passport that says John Smith and a chip that says Jane Doe. As he himself acknowledges it, it will work only if someone at the border/airport/whatever would just swipe the thing over a reader, but not bother actually reading it. And, oh, if also their scanner is broken and doesn't also read the "John Smith" printed in OCR letters on the real pass.
It sounds like some clever hack, but frankly, then what's the improvement over just stealing a passport and using it as it is? If the condition of passing for Jane Doe instead of John Smith is hoping that they'll just swipe it over the reader and not actually look at it, then simply a stolen passport would work just as well and with far less of a hassle.
So, basically, this is just someone's verbal masturbation, rather than some clever hack.
A polar bear is a cartesian bear after a coordinate transform.
where the two dudes in the Oreo jumpsuits are locked in an eternal struggle -- why is it that security vs. hackers struggle should be any different? Do security innovators really think that they're going to invent the "unbreakable" technology?
body massage!
The Foil'ID Again is technically still available.
Oh You POS
Unless he's trying to get into USA as an American citizen, I don't see why a German would like to pass as an American in any other place in the world, considering that, unfortunately, American people are the favorite target of terrorists around the planet.
Of course there's the "I told you so" factor, just to prove that he could do it, but anyways we all knew that this E-passport thing wouldn't take much time to be proved wrong, I guess we just didn't know that it would be that fast!
Well... Viva Mexico!
What is best in life? To crush your enemies, to see them driven before you and to hear the lamentations of their women.
Next you will have these automated gates and the immigration people saying that it was amazing that the president came through the airport ten times in the last hour. He must have been very discreet since no one noticed him.
Jumpstart the tartan drive.
Safe from surreptitious cloning? Big deal. You routinely hand over your passport at hotels, etc... while in Europe.
Anally injected RFIDs
What was once true, is no longer so
You mean data can be copied? Holy fuck! Stop the presses and halt the manufacturing, this is clearly useless because data can be copied. Seriously, why is this a big deal? Was it any real surprise that data could be cloned? The purpose, at least as far as I understand it, is an additional measure of security, not the only measure. Yes, if you only go off the chip, you're screwed, but hey, that's why you don't only go off the chip. No one is saying this will stop forgeries, just that it will make it more difficult. It's one more thing that needs to be done and done right, which means it's one more way to possibly catch a forgery. Surely no one thinks the new coloring on new money is going to stop forgery, but it will hopefully make it more difficult and time consuming. Is the coloring worthless because forgery can still happen?
T Money
World Domination with a plastic spoon since 1984
After reading this article, the RFID thing isn't nearly as bad as I thought.
1) They aren't eliminating the physical passports. So all the physical protections (watermarking) still apply.
2) They are shielding the passports so they can't be remotely read.
3) You need to send a cryptographic key which makes it even more difficult to read remotely (although I don't understand how this works).
4) They are hard to tamper with because of the hashes (assuming they are good hashes, this is comparable to watermarks).
Having said that, I'm not sure why the RFID thing is even useful. A bar code would be simpler, although no more or less tamper proof. And there are existing machines which can read passports by scanning them and OCRing. They are very reliable since passports use high-quality printed text with the characters in known fonts and positions.
1) Steal 1000 e-passports. ...
2) Duplicate and sell them to people who look similar.
3)
4) Profit!
I am a viral sig. Please help me spread.
It doesn't give away a lot, it doesn't have to. A passport must be inspectable by anyone so the spec on how to read it must be pretty much public. There is an (optional) electronic signature mechanism, but this predicates an international public key infrastructure. The bank where I work has enough problems getting one of those together, let alone an international organisation. PKI is very hard. Google for references on this.
Key compromise means that all issued documents are then compromised. Can you imagine a country recalling all its passports?
See my journal, I write things there
Let's just say that the same applies then to forging a digitally signed document:
1. copy the document
2. figure out how to change it while hashing to the same digital signature
3. ???
4. profit
Yes, but see, step 1 is a non-achievement there. Step 2 is the real issue. _That_ is what digital signatures really prevent. Seeing some idiot come up and say "ha ha, digital signatures are useless, because I just copied a CD that had a digitally signed file on it" would just tell me that the poor idiot is completely clueless and doesn't even know what he's talking about. It wasn't step 1 that was supposed to be made harder by those signatures, it was step 2 all along. Wake me up when you achieve that.
Same applies here.
Copying a RFID chip verbatim is a non-issue and non-achievement. It's like copying a floppy or a CD. _Of_ _course_ it can be copied, and only a complete ignoramus would make that their grand achievement.
Wake me up when you can actually change the data. And for that matter when the plan is less retarded than hoping that no one will look in the pass _and_ that they'll let you scan a building pass together with / instead of the passport. It's such a "cunning" plan that only Baldrick of Black Adder fame could honestly think it "cunning".
A polar bear is a cartesian bear after a coordinate transform.
under my tin foil hat.
insert inflammatory anti-microsoft comment here
Don't German security consultants also specialize in building super-bunkers for Islamic terror states like Iran?
And now they've compromised the future US passport as well?
3 words to describe this -
state sponsored terrorism.
I know you are humorous. But you are insightful in your humor. See how easy it is to put something against anyone in the "war on terror" ? Now in three sentences, that is far-fetching, but if it was released day after day in news report, I am confident you could turn the majority of US opinion against any country in the world.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
In order to be "secure" against fakery a passport, or any document should:
1) Have a digital signature of all the data, or at least a signature of a strong one-way hash.
2) Have a means to verify the signature, and that the signer's key hasn't been repudiated.
3) Have a means to verify the hash is legit, i.e. rehash the data on the spot.
4) Have a means to verify the data in question matches the printed version of the document, e.g. a computer screen that shows the digitized picture and the other data that should be on the printed document. A human, or perhaps a computer, can then compare that with the actual document.
Steps 1, 2, and 3 are at the heart of any digital-signature-validation scheme. Step #4 will detect misuse, as someone using a cloned passport will "look" the same as someone using a stolen-but-legitimate one to the checker.
An alternative, where bandwidth is available, is to have the document-issuing authority validate the document: Upload the document to the authority, and have it send back a "valid" or "not valid" response. This is essentially what happens with credit cards: the name, card #, and expiration date are passed on to the bank or the bank's agent, and the merchant gets back a code saying "card is valid," "card not valid," or one of several other codes such as "card reported stolen/missing."
There are still 2 problems with this approach:
1) The identical twin or look-alike problem.
2) Privacy issues if passport data is compromised.
The twin problem is mitigated by the digitized version of the handwritten signature, a fingerprint, notation of scars, or other items which look-alikes are less likely to share. Privacy issues are in principle no more than they are today with stolen passports, ASSUMING no information that is not on the printed passport finds its way to the embedded electronic data. However, electronic data is much easier to deliver to fraudsters than paper data, and passport thieves aren't likely to spend the time typing or scanning in data from a paper passport. The best cure for this is to encrypt the data.
RFID is not required for a secure document. All RFID does is make the data easier to read, which is good for those who want to read the passports without contacting them, be they friend or foe. Hmm, maybe someone should invent an RFID tag with an "on" switch.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
An insecure, RFID-driven passport is the perfect thing for making it too dangerous for Americans to travel safely abroad. If an American had one of these in Lebanon, Hezbollah could walk through a public place with an RFID reader and discreetly find some good targets of hostage-taking opportunity. It'd be easier for the Chinese police, for example, to track American visitors.
Don't go abroad! Don't see the world except through the lens of CNNABCCBSNBCFOXNPR! That's how the political class wants it. A population that is scared to travel is a population that can't as easily see the world on its own and make its own decisions.
I'm not even an expert in the field, but an RFID tag with an "on" switch seems pretty obvious. Just put the switch between the antenna and the rest of the device. It can be either a traditional on-off switch or a pressure-sensitive "off when not pressed" switch. Imagine an RFID-enabled passport that ONLY broadcasts when someone was holding down the "broadcast" switch.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Really? Where?
I've been at hotels in Ireland, France and England and never once gave them my passport. I might use it as ID e.g. to prove I'm me. But they don't keep it.
Most of the time they don't care. They just swipe your credit card and are glad to take your money....
Tom
Someday, I'll have a real sig.
They've got passport cases, wallets, and wallet inserts that block RFID and other electromagnetic signals. Emvelope.com
NANO snakes on a plane.
I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
Too late. The majority of US opinion is already against every country in the world, "Freedom" fries anyone? The only exceptions to this are a few countries like England and Australia, which most Americans think of as funny sidekicks to Uncle Sam, as long as they know their place and don't start getting uppity. Or countries like Sweden, Norway, etc. who most Americans never think of at all, and would never remember if asked to name all the countries in the world.
There is one exception that does prove your rule though... the US itself. Just look at the idiocy, promoted day-after-day in the media, being perpetrated by the American govt. and all you get is angry comments, from the general public, to the effect of "why does the NYT hate America?"
"Unheard of means only it's undreamed of yet,
Impossible means not yet done." ~~ Julia Ecklar
Apparently, the US Government will be doing exactly this - they have hashes to prevent altering the data and human inspectors to prevent data mismatch.
Still, is RFID that's activatable without human intervention really necessary? I say no.
Is lack of encryption irresponsible? I say yes.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Even though it has RFID, the ones coming in October will cost more (£93) and you will be entered into the National Identity Register (read: Be interrogated, DNA-swabbed and fingerprinted like a criminal).
Do it now (like I will) and get RFID, or do it later and get life-long surveillance on the NIR (where a simple clerical error can ruin your life). If I ever get to the point of having to go on that database, I'm leaving the country.
Lukas Grunwald is a traitor for exposing weaknesses in our programs to keep Americans safe from Tara.
. . .
What do you mean: We can't arrest a German for treason against the United States?
*weee*EEEE*oooo*
Dammit, is this mic still on?
One might ask the same about birds. What ARE birds? We just don't know.
Fuck! And I just sent off my passport renewal today. Fuck. Guess the only way we will get rid of this ID card malarky is if the Tories get in, and I don't think many people want that.
Anyways - your passport will still "work" if you fuck the RFID. People (lawyers when you try to pay fees, bank folk when you open an account, check-in staff at the airport) will look at the picture, check it conforms to your face, and accept it as ID. Passports issued earlier this year will be valid for 10 more, so people won't _require_ RFID for another 5 at least. And that is time to elect a better government, or failing that move to another country (I am seriously considering somewhere else in Europe) -- speaking of which the CAPTCHA says "ferries"!
That was never the intention. It's strictly for tracking purposes. But now that it can be so easily spoofed, it won't serve that purpose very well either. It will serve to plant false evidence though, and many organizations, non-government and government alike, will "need" that.
What?
Why is it so hard to implement a challenge-response mechanism to avoid airing the entire passport data?
Especially when they are going to store fingerprints /images/iris scans on the chips, I would expect the passport chip to do the matching up. (Of course, it has to legitimate itself, too.) Just imagine having to change your fingerprints because of identity theft. Americans already have a taste of this with social security numbers.
BTW, if all you'd like to broadcast is your name and number, just print a barcode. That works perfectly fine in Chile (or Colombia? sorry).
-- up-modding policy: make a good point, write self-contained.
Unfortunately, we've already seen that governments place a higher importance on the appearance of security rather than actual security. For direct evidence, just look at airport screening.
I'll concede that x-ray'ing baggage would highlight obvious weapons like knives or guns. However, as we've seen from the likes of Yousef Josef and other terrorists, people can smuggle bomb components on planes using items, such as watches, which would not be picked up by the usual airport screening procedures. Add to that the ever so effective comparison of the name and date on my boarding pass with the name on whatever casually inspected ID I provide. Please don't even get me started on how ridiculous making me take off my shoes is.
If governments were really serious about airport security, they would adapt a model similar to the one used in Israel. Roving groups of heavily armed, well trained commandos that stop "interesting" individuals and select them for additional screening. However, this method would be too inconvenient and intrusive for travelers (Americans).
This is the state of governmental security. To the not very determined to violate it, lay individual, it appears that there is SOME kind of security in place. With a slight bit more investigation, someone with a bit of desire can easily violate it, thereby rendering the "security" utterly useless. But hey, they have to have some way to spend our tax dollars, right?
-Runz
I never saw this one coming!
it is about ease of tracking folks. All it means is that we can track all citizens.
This would be quite surprising to me. It is true that you can copy any personal detail you want into these cards.
But besides some personal details passports are also supposed to have a secret in them that gets proved without revealing it. The article makes no mention of it. It's called "active authentication", RSA labs has been writing about it for years. The US and many others are supposed to require it. IIRC it is done by having the passport sign a challenge with a secret key or something like that.
The only way to get to a secret in the chip would be to really mess with the chip, acids, electron microscopes, side channels, the article mention just "reading" it.
The RFID tag is supposed to be tamper resistant. That is, it is supposed to forget whatever secrets it holds if it detects any attempt to tamper with the chip. One manufacturer advertises with voltage, frequency, temperature and light sensors.
Philips also appears quite serious about preventing side channel analysis attacks as well.
Now I have the impression that the whole point of standardizing on complex contactless cards was to keep little players out of the market. (RFID is covered by several patents and hard to implement power efficiently without serious fabrication facilities) The only excuse I heard for requiring contactless cards was that it somehow saved time standardizing the readers....
This is why I would expect other big manufacturers to have done their homework as well.
Is there a chance this attack only clones the parts that are supposed to be readily accessible? Fooling a reader without the "active authentication" is easy. And since a reader would need a government public key I guess getting a reader with it would be a little harder than just buying one.
(Also the Basic Access Control feature sucks. With moderate computing power you can understand the communication between passport and reader at an airport without seeing the passport.)
The German passports do not employ the optional active authentication standard as specified by ICAO. Active authentication means that there is a private key within the passport. This private key can be used in a challenge-response authentication of the passport chip. The public key itself is stored in a data group on the passport, which is protected against alteration in the same way the biometric data is protected against alteration (a digital signature from the state).
I %20mrtds%20ICC%20read-only%20access%20v1_1.pdf
Nobody seems bothered to even *look* at the ICAO specifications, including 100% of the previous responses on e-Passports on slashdot. Why the hell should politicians even bother with citizens if not even the technological top 1% takes an interest?
http://www.icao.int/mrtd/download/documents/TR-PK
Check out chapter 2.3.2, 3.2.2, Annex D, Annex G.1.2
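The checks discussed in the comments above (a state signature over hashes of the chip data, comparison with the printed page, and the optional Active Authentication challenge-response), as an added example that is not part of the thread or of the ICAO documents. It is a simplified Python model: the RSA is toy textbook RSA over known primes, the data-group contents are constructed samples, and the helper names (`issue`, `clone`, `inspect`) are hypothetical.

```python
import copy
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys


def make_key(p, q):
    """Toy textbook RSA key from two known Mersenne primes (no padding, not secure)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])


def verify(n, data, sig):
    return pow(sig, E, n) == _digest(data, n)


def _hash_groups(groups):
    # Canonical byte string of the per-data-group hashes; this is what the state signs.
    pairs = sorted((name, hashlib.sha256(value).hexdigest()) for name, value in groups.items())
    return repr(pairs).encode()


class Chip:
    """Readable memory plus an optional private key that never leaves the chip."""

    def __init__(self, readable, private_key=None):
        self.readable = readable
        self._private_key = private_key

    def answer_challenge(self, nonce):
        if self._private_key is None:
            return 0  # a clone holds no key, so it cannot produce a valid answer
        return sign(self._private_key, nonce)


def issue(state_key, chip_key, mrz, photo):
    # DG1 = printed identity data, DG2 = photo, DG15 = chip public key (simplified).
    groups = {"DG1": mrz, "DG2": photo, "DG15": str(chip_key["n"]).encode()}
    readable = {"groups": groups, "sig": sign(state_key, _hash_groups(groups))}
    return Chip(readable, chip_key)


def clone(chip):
    """Verbatim copy of everything a reader can read; the private key stays behind."""
    return Chip(copy.deepcopy(chip.readable))


def inspect(chip, state_n, printed_mrz):
    groups, sig = chip.readable["groups"], chip.readable["sig"]
    # Passive check: rehash the data on the spot and verify the state's signature.
    passive = verify(state_n, _hash_groups(groups), sig)
    # Active check: fresh challenge, answered with the key whose public half is in DG15.
    nonce = secrets.token_bytes(16)
    active = verify(int(groups["DG15"].decode()), nonce, chip.answer_challenge(nonce))
    return {"passive": passive, "matches_booklet": groups["DG1"] == printed_mrz, "active": active}


STATE_KEY = make_key(2**61 - 1, 2**89 - 1)    # toy issuing-state key
CHIP_KEY = make_key(2**107 - 1, 2**127 - 1)   # toy per-chip key


def demo():
    jane = b"P<UTODOE<<JANE<<<<<<<<"    # constructed sample data
    john = b"P<UTOSMITH<<JOHN<<<<<<"    # constructed sample data
    genuine = issue(STATE_KEY, CHIP_KEY, jane, b"<jane photo bytes>")
    renamed = clone(genuine)
    renamed.readable["groups"]["DG1"] = john  # edit the copied data
    n = STATE_KEY["n"]
    return {
        "genuine": inspect(genuine, n, jane),
        "clone_same_identity": inspect(clone(genuine), n, jane),
        "clone_in_other_booklet": inspect(clone(genuine), n, john),
        "clone_renamed": inspect(renamed, n, john),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A reader that only runs the passive check cannot tell the verbatim clone from the original; the edited copy fails the signature, and only the challenge-response separates the clone from the genuine chip.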
I've had to leave it at the front desk of European casinos, while I was gambling.
Obviously, mr. Grunwald is a terrorist and will be detained within short. The rest of us are better off looking the other way.
Yes, that means you!
SIG: TAKE OFF EVERY 'CAPTAIN'!!
Just wait it out. A year from now they will see they made a mistake. Unfortunately it will be at the expense of travelers. But hey the only way politicians will listen is after the bad thing you predict will happen happens. They only wear hindsight glasses.
Can I bum a sig?
Hey,
RFID seems to get nothing but bad press. Security is a huge problem with RFID, and its use in retail for price tags seems to be a huge problem as well. I'd like to know where it's being used or could be used where its apparent flaws have no impact.
Later,
-Slashdot Junky
.
Landfill Mining Co.
Managing the (Un)natural Resources of Tomorrow
1.Every passport that has one of these RFID chips should contain a unique number burned into the RFID chips in a way that can never be changed but can be read back.
2.When the passport data is written to the RFID chip, the data is encrypted using an RSA (or similar) key that only the government has which will prevent "drive by data dumping" as long as the other half of the key is only embedded in passport machines and is kept tightly controlled. Also (and more importantly), it is digitally signed using the same key (including the unique number burned into the RFID chip). This would prevent anyone from even being able to make a 1:1 copy of a passport.
According to TFA, the passport is needed only long enough to scan it. That could be sitting on a pad behind the hotel's registration desk for 15 seconds. It doesn't say anything about keeping it.
Renew your passport at a consulate overseas. Incidentally, this is also much quicker than renewing it in the UK (typically takes 2 weeks). The only snags are the obvious ones that you need to stay out of the UK for long enough to get your new passport, and you need an overseas address (maybe a friend's).
I would not advise trying the obvious trick of just mailing your old passport to a friend in country X with all the forms, and asking them to post them to the consulate as though you were in X, then post the passport back to you when it arrives at their address. Cross-border postal mail is checked more often than most people realize, and I have heard of cases where identity documents have been removed.
The key point of the technology was to have the issuing government digitally sign the information contained in the passport. This means that a forger cannot simply tip-ex out the name and put in a new one ;-) The article did not mention if the German passport contains bio-metric data. i.e. a digital copy of the photo. This combined with a digital signature of the photo would make the system very secure indeed.
Ah, but a forger can do just that. Unless whoever scans the passport, customs agent for instance, has immediate access to a database where all the info including a photo is located there's no way to guarantee the holder is who s/he says s/he is. Even then though there's no guarantee, the database is manned by people and one or more of them can turn around and modify the data, sell said info, or can create new ids. I seem to recall a few years back where someone at the IRS was arrested and charged with selling personal data including SSNs.
FalconShould there be a Law?
Now /.ers know they can be cloned, faked, forged, etc.
If you're ever in the situation where you really need a false passport (i.e. fascist government takeover, military coup etc.... oh wait), at least you know the stooges will take your shiny technologically enhanced wonder document without much fuss, after all it must be ok 'cause it's got added 'technology'
It'll take at least one change of government before they admit how stupid the idea was, after all it's only 'the other lot' that does stupid things.
From TFA:
"What this person has done is neither unexpected nor really all that remarkable," Moss says. "(T)he chip is not in and of itself a silver bullet.... It's an additional means of verifying that the person who is carrying the passport is the person to whom that passport was issued by the relevant government."
Moss also said that the United States has no plans to use fully automated inspection systems; therefore, a physical inspection of the passport against the data stored on the RFID chip would catch any discrepancies between the two.
If the RFID passports were to be used like some kind of gas card--where a traveller just waves his or her passport through a reader, gets a beep and a green light, and goes on--this news would be a problem.
But that's not how they'll be used. There will still be an inspector checking the RFID data against the printed data, and against the physical appearance of the traveller. Like they already do now, for crying out loud.
In the USA the passport jacket will have a metal lining so that the RFID cannot be read when the passport is closed.
Little venture I started about a year ago....
Stylish RFID blocking passport cases and wallets
http://www.difrwear.com/
While I 100% agree with your first paragraph, it's just a "something must be done!" kind of response to keep the voters happy and concentrate power in DC.
Your next couple of points should be reconsidered carefully:
There is no evaluation of technology
On the contrary, there is quite a bit of evaluation of technology. Only the U.S. gov't can afford to pay people to spend the time to come up with these torture tests. My current employer was very briefly involved early on in the process for the new U.S. passport and I can tell you the tests the Feds came up with are very high quality tests that have improved the technology and force companies to better comply with ISO standards.
Please consider RFID passports as a response to the demand for *much* more international travel in even larger planes. In order to more accurately process many more people through customs at airports around the world, this is a good way to do it more efficiently.
Finally, I believe no one is claiming they are "secure" as in magically impenetrable. They are not. And like most security systems, the critical control points of entry are probably not staffed by the "brightest and best" so the usual systemic failures will occur. Only, the wait at customs will be a little shorter and govt's will have more data (not necessarily better or higher quality!) as to who is entering when.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
In the Wired article are some photos with an RFID-shielding device for the passport./ products_id/130
cheers,
axel
I found it here https://shop.foebud.org/product_info.php/cPath/30
Let's not forget Canada.
And we Americans do think of Sweden and Norway, they have bikini teams and tall blonde people and saunas and reindeer and snow and stuff... Aren't Sweden and Norway the same place?
Crap. Diebold is offering e-passports too?
I can't think of which ones off the top of my head, but I know there are places where you are expected to surrender the passport to the hotel. I was surprised to read about it, too. I think I may have run across it at some point in my travels as well. Don't recall for sure.
It has to happen one day. Let's see what improvements can be done now to protect such things.
http://www.secgeeks.com/
The chip data includes a digital copy of the photo, which I'm certain will be displayed on the guard's monitor. Be pretty lazy not to compare that to the face. In fact they'll probably start ignoring the hardcopy photo.
Since the whole article is a non issue, as the guy didn't find a way to alter the data and still have good checksums, the digital face would match the name in the chip that is getting run through databases.
I used to set off security alarms in stores pretty much anywhere because of an RFID key for my condo. I found though, that keeping the RFID key right next to my cell (candybar) would negate the RFID signal, and I could get through stores with no alarm.
Neil is that you? Yeah yeah, it's me... Neil...
"Please consider RFID passports as a response to the demand for *much* more international travel in even larger planes. In order to more accurately process many more people through customs at airports around the world, this is a good way to do it more efficiently."
Yes, we have a winner! What do you get when you combine the desire to make border security easier, better, CYA compatible but with less annoying hassles and without tedious requirements for extensive training? A system with fewer forms of "approved" ID and electronic.
A pipe dream to be sure. But certainly an inviting one.
Why would you have to show ID just to register at a hotel...especially if you have cash?
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
I've traveled a lot in France, Switzerland, and Italy and I often had to leave my passport at the Hotel desk. The upside of this is that I've never had my passport stolen unlike some yahoos who carried them around for pickpockets to nab or left them in hostel rooms for anyone to grab.
...heaven forbid you carry a cell-phone in the same pocket.
Microsoft put the "sucks" in "success".
I dunno, leaving your passport somewhere isn't always the smartest thing either. For starters, if you are requested to show government ID, your American driver's license is not legal ID in most cases. If you run afoul and need your embassy to bail your ass out you will need your passport as well, etc...
I've stayed in hotels in Dijon, Rennes, Saclay and Paris. Not once did they ask to see it for more than just the photo ID (I kept the passport). I've stayed in two different hotels in Dublin, same story, etc...
I'm the first to admit that WESTERN europe is not the same as the rest of europe. I imagine in Germany or Poland or some such the rules may be diff.
Tom
Someday, I'll have a real sig.
Even more, it's an issue of using a technology in a way for which it was not designed. I can pull a horse trailer with my Yugo, but it's not good for the car, the trailer, or the horse.
WAIT, STOP. This is great, a standard format for saving people's personal information!
We could distribute these files on every P2P network.
I'll trade you my Al Gore for your George W.
He was planning to give a demo today at BlackHat in Vegas. Look at what they did to Sklyarov for Adobe. You think they're going to sit idly by while some *gasp* foreigner shows them up? THOU SHALT NOT TAUNT THE HAPPY FUN BALL
Seriously, I'm waiting for word that he cancelled his presentation "voluntarily" or has been arrested.
Nope. I've been on business in Warsaw (Poland) a couple of times, Munich (Germany) many times, Basel/Zurich (Switzerland), and France, Spain, Holland, Belgium etc., and I've never had to leave a passport at the desk. In most cases, they don't even look at the passport, they just want a number. Now, your credit card on the other hand...
He has cloned the RFID chip, which would be relatively easy to do.
:(.
However...
There are other countries, however, that are considering taking human inspectors out of the loop. Australia, for one, has talked about using automated passport inspection for selected groups of travelers, Moss says.
Crazy... And I live in Australia
meh
Too late. The majority of US opinion is already against every country in the world, "Freedom" fries anyone? The only exceptions to this are a few countries like England and Australia, which most Americans think of as funny sidekicks to Uncle Sam, as long as they know their place and don't start getting uppity. Or countries like Sweden, Norway, etc. who most Americans never think of at all, and would never remember if asked to name all the countries in the world.
And in England and Australia the majority of the population has a negative view of US foreign policy. In both cases it is the government that supports US foreign policy and the population does not consider it enough of an issue to vote them out. In the last election in Australia, interest rates was a bigger issue than foreign policy.
meh
If that is the case, they must not have met any of the Australian people.
ICAO has cryptographic key support through AA (Active Authentication); but the US and some other countries are not creating their passports with such key support. This has been turned off. Probably Germany is one of these countries not enforcing this AA because else it wouldn't be -that- easy to copy in the first place.
Probably because the PKI would be too difficult to deploy for an entire nation/risks of compromise?
This means; US passports and any passport without AA can (and probably will) be copied.
Why introduce new passports with a rfid chip which isn't even safe while the current system works as good?
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
I have read that all RFIDs have a unique serial number called a collision avoidance ID. It's apparently very low level and little talked about. But it's necessary so that a scanner can differentiate between multiple RFIDs placed next to each other. Think bag of groceries or even a queue of people waiting to get thru customs. So if you have an RFID in your pocket, you can be tracked, period.
Yeah, think less along the lines of Paris, and more along the lines of Bratislava. It's a pretty huge difference once you get a bit further east. There are some countries that still call their security service the KGB.