Slashdot Mirror

← Back to Stories (view on slashdot.org)

E-Passport Cloned In Five Minutes

Posted by kdawson on from the if-more-proof-were-needed dept.

Last month a panel of EU experts warned that the e-Passport's security is "poorly conceived", and in fact a week later a British newspaper demonstrated a crack. Now another researcher has shown how to clone a European e-Passport in under 5 minutes. A UK Home Office spokesman dismissed it all, saying "It is hard to see why anyone would want to access the information on the chip."

8 of 259 comments (clear)

  1. Well then, by QuantumG · · Score: 5, Insightful

    "It is hard to see why anyone would want to access the information on the chip." I guess that's what they call a failure of imagination.

    --
    How we know is more important than what we know.
    1. Re:Well then, by l2718 · · Score: 5, Insightful

      Well, it's true that if you already possess a passport and want to copy it, it's essentially the same problem with and without an RFID. It's also true that the RFID chip does stop the basic hack of replacing the photo in the passport (since the data on the chip is persumably read-only, and the chip can't be replaced without mutilating the passport). I think what the esteemed spokesman missed is the privacy implications (I can now read your passport without your knowledge). In particular, you can clone these passports without actually holding the original. In the past to clone a passport you needed the co-operation of its owner (if you steal a passport it's known to be stolen). Now you can make your own sure-to-be valid passport by just stepping into the airport and choosing an appropriate victim (someone who looks like you, perhaps?).

  2. At least they can publish this... by rrohbeck · · Score: 5, Interesting

    Now another researcher has shown how to clone a European e-Passport in under 5 minutes.

    Thanks to a software he himself has developed, called RFdump, he downloads the passport's data onto his computer and then onto a blank chip.

    How long would it take for some 3 letter agency to show up at their door in the US?

    --
    thegodmovie.com - watch it
  3. Re:and if your name is written on said panties by prichardson · · Score: 5, Funny

    If my name is written on someone else's panties, I demand to know why!

    ob Simpsons:
    Skinner: Oh, it's a miracle no one was hurt.
    Otto: I stand on my record - fifteen crashes and not a single fatality!
    Lou: Let's see your license, pal.
    Otto: No can do. Never got one. But, if you need proof of my identity, I wrote my name on my underwear... Oh wait, these aren't mine!
    Skinner: Well that tears it! Until you get a license and wear your own underwear, mister, you are suspended without pay!

    --
    Help I'm a rock.
  4. huh? by jshackney · · Score: 5, Insightful

    It is hard to see why anyone would want to access the information on the chip.

    If no one would want to access that information, then why is it on the chip? Why even bother with the chip? Why even bother with the information?

  5. RFID is absolutely TERRIBLE for security by arete · · Score: 5, Insightful

    RFID IDs are TERRIBLE for personal security, because it adds RANGE to detection and forgery. Parent post has ABSOLUTELY missed the point.

    No one is claiming that magnetic stripes and/or bar codes are bad for security. In both cases they make it very marginally harder to copy and virtually eliminate data-entry errors. RFID has a BIG problem beyond that: It can be read without the knowledge of the holder.

    No one can read the inside of my paper passport without me giving it to them - nor my magstripe nor bar code. I have complete control over who sees it. Sure, I might be conned into showing someone, but they have to con me. RFID means that:

    1. They can copy my information without me ever showing it to them.
    2. They can READ my information without me ever showing them, allowing them to identify me from a distance.
    3. Even with a perfectly random RFID system, they can identify your nationality from afar, which obviously may make you a target in some circumstances.

    To be SAFE, an RFID system must have a) zero emissions in the closed state (eg a tested foil cover) AND b) No non-random information broadcast from the chip. (that is, a random passportID that is broadcast that has NO other information until you look it up in the appropriate database.)

    "b" is necessary because "a" alone still allows someone nearby you to snoop whenever you have to show your passport somewhere.

    --
    Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
  6. The proper response is... by Todd+Knarr · · Score: 5, Insightful

    The proper response to that spokesman is "Well then, you won't mind lending us your passport for a minute, so we can copy it and put copies on sale in <district with notorious reputation>, will you?".

    Some politicians simply need the problem made their personal problem before they'll see it.

  7. Tin foil hats, everyone by h2g2bob · · Score: 5, Insightful

    The ID cards themselves are just a distraction. The real agenda is the setting up of a big database with information on all citizens. While everyone debates ID cards, they get to do what they want with the database proposal. They can back down on ID cards later, and everyone is happy.