Slashdot Mirror

← Back to Stories (view on slashdot.org)

British "Secure" Passports Cracked

Posted by CowboyNeal on from the trust-us dept.

hard-to-get-a-nickna writes "The Guardian has cracked the so-trumpeted secure British passports after 48 hours of work: 'Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?'"

2 of 305 comments (clear)

  1. Easy to clone by SomethingOrOther · · Score: 5, Interesting

    Home Office spokesman.
    "If you were a criminal, you might as well just steal a passport."

     Missing the point dude.
    If my passport gets stolen, I report it. It gets cloned, I've no idea somebody is impersonating me, screwing up my life (and others).
    Please people, support NO2ID and tell Blair where to shove his flawed ID cards and CCTV cameras.

    --
    Anyone quoted by a reporter knows how little they understand
    Don't believe what you read is the truth.
  2. Re:Nothing to see here... by archeopterix · · Score: 4, Interesting
    "If you can read the chip, then you can clone it," he says.
    Don't see how you can... but anyway an exploit would be a problem with the reading software, not with the passports.
    The "read -> clone" implication might be a bit of an overstatement, but if the chip identifies itself (and the passport) to the reader by revealing _all_ of its contents, then the only barrier to cloning is the availability of programmable RFID chips. Cryptographically speaking (*), they could have done better. There exists something called zero knowledge protocols which makes it possible to identify a party without revealing the secret information used for identification, i.e. without helping the potential cloner.


    (*)I don't know whether RFID chips are capable of implementing zero knowledge protocols (they require some computing power), but if they can handle 3DES, then the answer is probably yes.