Print 12 comment(s) - last by stephenbrooks.. on Feb 5 at 8:49 AM

Sometimes going high-tech on age-old technology to improve life may lead to worse things happening

Airport and travel security has been incredibly beefed up over the last two years. Many checkpoints are now in place where they once were not and most travelers have experienced the increased security measures put in place at airports in the US and Europe. While there's no current cause for alarm, government officials are no longer taking second chances when it comes to the security of airplanes.

We reported just recently that the US government is already field testing its RFID based passports. The new passports contain microchips that replicate in digital what is in print on the passport.

Dutch biometric passports are being tested too. Unfortunately, reports came in indicating that after a mere 2 hours of testing, the passports were cracked and their security measures were circumvented. The high-tech passports broadcast a short range signal of the contents of the passport which is supposed to be picked up by legitimate receivers. But now, rogue receivers are able to sniff out the information too. Analysts were expecting the same problems for RFID passports but the difference with those are that the do not self broadcast until placed near to a legitimate scanner.

Analysts are now saying that they believe the new digital broadcasting passports combined with the fact that the passports contain detailed personal information will do us all more harm than good.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

A little surprising
By smitty3268 on 2/4/2006 1:52:37 PM , Rating: 2
The only suprising thing is that it only took 2 hours. I figured it would at least take a day or two.

But anyone who didn't see this coming a mile off has no clue about technology.

RE: A little surprising
By osalcido on 2/4/2006 2:28:10 PM , Rating: 2
I thought I did know a little about technology...

why cant something like this be encrypted to prevent eavesdropping?

RE: A little surprising
By knowyourenemy on 2/4/2006 2:53:40 PM , Rating: 2
That's probably what was cracked.

RE: A little surprising
By Griswold on 2/4/2006 3:00:41 PM , Rating: 2
Oh I'm sure it can. They probably just didnt think of that. :) At least the 2h timeframe indicates that. Properly encrypted data cannot be cracked within 2 hours, 2 days or even 2 years if you really want something bulletproof.

The other posibility is just a fundamental design flaw in the way the whole system works, assuming there would be no man in the middle or something like that. This is where tax money goes to, re-assuring, isnt it?

With that said, I dont want my passport to be scanned without me knowing it. The possibilities for "them" to spy on me are too vast. Just ask for my damn documents and I will show you when needed, mkay?

RE: A little surprising
By notoriousformula on 2/4/2006 3:10:48 PM , Rating: 2
I read the same news on Engadget but it was about DUTCH rfid passport prototype.

RE: A little surprising
By andrep74 on 2/4/2006 4:23:43 PM , Rating: 2
Does anyone actually read the reference articles???

It fails to mention the Dutch biometric passport was a test system still under development and that the key to cracking the system was the lack of sophistication in allocating passport document numbers, which is not the case with UK passports.

It was indeed the Dutch passport system. Just like nmap can be used to discern IP stack implementations, the scanner used to crack the passport prototype was used to scan for a vulnerability in the unfinished product.

Personally, I'd rather not have all my personal information (including a photo) stored and broadcast when I use a passport. The ability to "sniff" and then (even months or years later) decrypt the data is too easy. The whole reason encryption systems exist in the first place is to _delay_ the comprehension of sensitive data until a time that the information is no longer important. Store the user ID as an encrypted "scan number" that is dereferenced by a central server to look up the personal information, then re-program the RFID with a new encrypted scan number. The next time the passport is scanned, the new scan number is used to look up the information. And so on. If you're paranoid about this "scan number" data, make the encryption keys big enough to prevent cracking on conceivable technology for the next ten years (the max life of a passport). With this system, no personal information can ever be compromised (except on the central data server itself).

RE: A little surprising
By piroroadkill on 2/4/2006 7:44:11 PM , Rating: 2
Surely you can wrap your passport in some kind of shielding when you don't want it be read!

You've heard of tin foil hat, now.. Tin Foil Passport!

RE: A little surprising
By jkresh on 2/4/2006 9:14:39 PM , Rating: 2
actualy something along those lines is not a bad idea. Have a button (maybe fingerprint reader) on the passport and only when the user is touching that button can it accept a request from a scanner to broadcast the data, so even if someone cracked the scanner they would still need your finger (depending on the quality of the reader) to get any info out of the passport. This would certainly up the difficulty in copying the data, though it would also vastly increase the cost to manufacture the passport.

We told you
By Zelvek on 2/4/2006 1:42:47 PM , Rating: 4
this is just as everyone predicted, surprise surprise

RE: We told you
By oTAL on 2/4/06, Rating: -1
I concur
By Pandamonium on 2/4/2006 1:45:56 PM , Rating: 2
Anyone with a proper machine can duplicate binary. Few people can duplicate material passports. I would much rather have my personal information stored in hardcopy only, thank you very much.

Title edit
By stephenbrooks on 2/5/2006 8:49:43 AM , Rating: 2
Love the new news title. Damage recovery etc. etc. :thumbsup:

"Nowadays you can buy a CPU cheaper than the CPU fan." -- Unnamed AMD executive
Related Articles

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki