RFID Passports Cloned Without Opening the Package

Jeremy writes to tell us that using some simple deduction, a security consultant discovered how to clone a passport as it's being mailed to its recipient, without ever opening the package. "But the key in this first generation of biometric passport is relatively easy to identify/crack. It is not random, but consists of passport number, the passport holder's date of birth and the passport expiry date. The Mail found it relatively easy to identify the holder's date of birth, while the expiry date is 10 years from the issue date, which for a newly-delivered passport would clearly fall within a few days. The passport number consists of a number of predictable elements, including an identifier for the issuing office, so effectively a significant part of the key can be reconstructed from the envelope and its address label."

Does anyone remember Press Your Luck?

[Aurelfell]

It was the game show with the Whammies that stole your money. As I recall, there was a guy who watched the show long enough that he figured out a pattern that would let him win every time. He played for like three days, and won a crazy amount of money. The show went of the air, but I remember reading that the programmers who created the game board offered to make it 'true random' for another $600, and the network refused to pay it.

This article reminds me of that story.