Bollox to RFID

You most probably know by now of the proposed "ultra-secure passports" that were recently introduced to over 3 million British citizens and that contain a small chip with your information (biometrics: fingerprint, retina scan, etc.), and you most probably also know that the government is to be trusted both on its reasons for such an invasion of privacy and to deal with it and secure it properly.
Well, aren't you in for a surprise then :)
Apparently it is very easy to extract all the data from the chip and display it on a notebook or computer, even though, and I quote,
"The UK Identity and Passport Service website says the new documents are protected by "an advanced digital encryption technique". So how come we have the information? What could criminals or terrorists do with it? And what could it mean for the passports and the ID cards that are meant to follow?"
For example:
* All it takes to ruin someone's life, smuggle yourself, forge a passport or identity, or even prove the government wrong regarding the millions spent to "tackle terrorism" as they say, is a £174 chip reader, some information about the passport's owner, which is even written on the passport itself, and 4 seconds to get a copy of all the data for yourself.
* The key needed to access the data on the chip is made up of, in the following order, the passport number, the holder's date of birth and the passport expiry date. All of the information needed can be found on the passport itself. It's like writing your password in front of the keyboard, more or less...
"I was amazed that they made it so easy," Laurie says. "The information contained in the chip is not encrypted, but to access it you have to start up an encrypted conversation between the reader and the RFID chip in the passport."
So as you can see, even though the government is using 3DES encryption, they're using a very poor method to create the key.
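The key derivation described above, as an added example that is not code from the original post: it assumes the passports follow ICAO Doc 9303 Basic Access Control, which the post does not name, and it uses the ICAO specification's sample values rather than any real document. The sizes passed to the entropy estimate are constructed assumptions.

```python
import hashlib
import math

def check_digit(field: str) -> str:
    """ICAO 9303 check digit: weights 7,3,1; 0-9 as-is, A-Z = 10..35, '<' = 0."""
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif ch == "<":
            value = 0
        else:
            value = ord(ch) - ord("A") + 10
        total += value * (7, 3, 1)[i % 3]
    return str(total % 10)

def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Concatenate the three printed fields (dates as YYMMDD), each with its check digit."""
    fields = (doc_number.upper().ljust(9, "<"), birth, expiry)
    return "".join(f + check_digit(f) for f in fields)

def odd_parity(key: bytes) -> bytes:
    """Set each byte's low bit so the byte has odd parity (DES key convention)."""
    return bytes(b ^ 1 if bin(b).count("1") % 2 == 0 else b for b in key)

def derive_keys(doc_number: str, birth: str, expiry: str):
    """Return (k_seed, k_enc, k_mac); nothing secret goes in, only printed data."""
    info = mrz_information(doc_number, birth, expiry).encode("ascii")
    k_seed = hashlib.sha1(info).digest()[:16]
    k_enc = odd_parity(hashlib.sha1(k_seed + b"\x00\x00\x00\x01").digest()[:16])
    k_mac = odd_parity(hashlib.sha1(k_seed + b"\x00\x00\x00\x02").digest()[:16])
    return k_seed, k_enc, k_mac

def input_entropy_bits(doc_numbers: int, birth_days: int, expiry_days: int) -> float:
    """Upper bound on key entropy: log2 of the number of possible input triples."""
    return math.log2(doc_numbers * birth_days * expiry_days)

if __name__ == "__main__":
    # Sample values from the ICAO specification's worked example, not a real passport.
    seed, k_enc, k_mac = derive_keys("L898902C", "690806", "940623")
    print("K_seed:", seed.hex().upper())
    print("K_enc :", k_enc.hex().upper())
    # Constructed assumptions: 9-digit number, 100 years of births, 10 years of expiry.
    bits = input_entropy_bits(10**9, 36525, 3652)
    print(f"inputs carry at most {bits:.1f} bits; two-key 3DES is nominally 112")
```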
Worst of all, you don't even need to steal the passport from the victim. The government claims the new chips can be read over a distance of just 2 centimeters; however, tests have clearly shown that it's possible to read the information from a distance of up to 30 centimeters. Some claim that with a Bluetooth antenna you could increase the distance up to 10 meters. You thought getting your Oyster card read was bad enough; imagine a card that has your address, personal information, and even a copy of your facial, retina, and thumb prints.
So what happens now? Here are a few possibilities:
* The attacker now has access to your thumb print and retina scan. I'll leave it to your imagination what the attacker can do with that... (future bank accounts, border controls, etc.)
* The attacker can now clone his or her own passport, which would allow the attacker to illegally enter another country.
All I can say is, if you're going to do a job, do it right! Either stop cutting corners, stop breaching our rights for whatever reasons you claim are justifiable, or don't do it in the first place. If we were talking about a dialysis machine or a pacemaker, I doubt they'd have the same leniency in releasing an embarrassing result, and then spending a few years to fix it.
In other news, if you're opposed to the ID card system and would like it to be scrapped, sign the petition and make a difference!
Update: 01/12/06 @08:36pm: Well well, check out this link and read about how a BBC journalist managed to easily obtain 20 forged passports and enter the UK twice with them...


