Tuesday, 21 July 2009

The chips are down?

The new machine readable e-passports contain Radio Frequency IDentification chips. RFID are great for their original application: tracking goods in a warehouse. But they are horribly insecure for financial and identity applications. This has been discussed for some time but it is only now that these chips are appearing in more and more documents and the hackers are becoming more ingenious.

Boing Boing TV illustrates how much easier it is to obtain the details of a credit card with RFID than the normal type because all the details are stored in one place. A student at Cambridge University intercepted e-passport transmissions from 50 metres. Already US passports are 'shielded' by metal sleeves to prevent electronic eavesdropping.

The Economist discusses the problems associated with e-passports.

It is claimed that the two main justifications for adding chips to passports are that they improve security at border crossings and speed up immigration procedures. However, they are certainly no quicker to process and all the chip does is confirm what is printed in the passport.

What it does not do is prove the holder is the person he or she claims to be—no more so than a traditional passport did. If the person has a reasonable likeness to the photograph—and therefore similar biometric details—a stolen e-passport or e-ID card could readily be accepted.

ZDNet explains how Elvis could still live on an e-passport scanner.

No comments: