Some of the many problems with RFID are that it broadcasts data, is often re-writable and can be so easily hacked and mimicked. Our beloved despots, er, I mean leerless feaders, have repeatedly brought out supposedly “secure” passports and national ID’s that were subsequently quickly hacked. The latest news from England is just one more in the series.
What is especially scary is the government’s actually rely on these unreliable methods. Not only will they miss the real terrorists and criminals but they nab innocent people in their nets.
New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports.
Tests for The Times exposed security flaws in the microchips introduced to protect against terrorism and organised crime. The flaws also undermine claims that 3,000 blank passports stolen last week were worthless because they could not be forged.
In the tests, a computer researcher cloned the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports.
The Home Office has always argued that faked chips would be spotted at border checkpoints because they would not match key codes when checked against an international data-base. But only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it. Britain is a member but will not use the directory before next year. Even then, the system will be fully secure only if every e-passport country has joined.
Some of the 45 countries, including Britain, swap codes manually, but criminals could use fake e-passports from countries that do not share key codes, which would then go undetected at passport control.
The tests suggest that if the microchips are vulnerable to cloning then bogus biometrics could be inserted in fake or blank passports.
Tens of millions of microchipped passports have been issued by the 45 countries in the belief that they will make international travel safer. They contain a tiny radio frequency chip and antenna attached to the inside back page. A special electronic reader sends out an encrypted signal and the chip responds by sending back the holder’s ID and biometric details.
Britain introduced e-passports in March 2006. In the wake of the September 11 attacks, the United States demanded that other countries adopt biometric passports. Many of the 9/11 bombers had travelled on fake passports.
The tests for The Times were conducted by Jeroen van Beek, a security researcher at the University of Amsterdam. Building on research from the UK, Germany and New Zealand, Mr van Beek has developed a method of reading, cloning and altering microchips so that they are accepted as genuine by Golden Reader, the standard software used by the International Civil Aviation Organisation to test them. It is also the software recommended for use at airports.
Using his own software, a publicly available programming code, a £40 card reader and two £10 RFID chips, Mr van Beek took less than an hour to clone and manipulate two passport chips to a level at which they were ready to be planted inside fake or stolen paper passports.
A baby boy’s passport chip was altered to contain an image of Osama bin Laden, and the passport of a 36-year-old woman was changed to feature a picture of Hiba Darghmeh, a Palestinian suicide bomber who killed three people in 2003. The unlikely identities were chosen so that there could be no suggestion that either Mr van Beek or The Times was faking viable travel documents.
“We’re not claiming that terrorists are able to do this to all passports today or that they will be able to do it tomorrow,” Mr van Beek said. “But it does raise concerns over security that need to be addressed in a more public and open way.”
The tests also raise serious questions about the Government’s £4 billion identity card scheme, which relies on the same biometric technology. ID cards are expected to contain similar microchips that will store up to 50 pieces of personal and biometric information about their holders. Last night Dominic Grieve, the Shadow Home Secretary, called on ministers to take urgent action to remedy the security flaws discovered by The Times. “It is of deep concern that the technology underpinning a key part of the UK’s security can be compromised so easily,” he said.
The ability to clone chips leaves travellers vulnerable to identity theft when they surrender their passports at hotels or car rental companies. Criminals in the back office could read the chips and clone them. The original passport holder’s name and date of birth could be left on the fake chip, with the picture, fingerprints and other biometric data of a criminal client added. The criminal could then travel the world using the stolen identity and the original passport holder would be none the wiser.
-Times Online
If they can’t secure REAL ID and passports then obviously NAIS is flawed as well.
Anything we can chip
THEY can hack better,
THEY can hack anything better than us
no they can’t
yes they can
no they can’t
yes they can
yes they can
YES THEY CAN!!!!!
And they DO!!!!
Comment esbee — August 7, 2008 @ 5:18 pm
USA Gov. Outsoured Printing to Foreign Sources so yeah, everyone has access to steal our idenities, make fakes…. Same will happen with NAIS and every other program for corporate government to make their bucks and screw the USA citizen.
Comment Sue Karber — August 12, 2008 @ 8:41 pm
You are so right Walter,if they cant keep passports and Real ID drivers licenses secure they cant even hope to do the NAIS and keep it secure.
Visage and L-1 Identity Solutions are having all kinds of trouble with this thing(they are behind Real ID) not the least being no state has yet actually complied and a dozen or so have flat out said no!
I have to believe from what I am seeing in the Real Id situation that they have no intention of keeping this info secure,(real id or NAIS)there are too many loopholes and rabbit trails that are built into the system to keep it secure,I mean they intend to ship your states drivers dept to Mass. and then to share all our info not only between the states and fed terror depts but with other govts who may request info,it ties in nicely with NAIS and the info shareing that they are talking about.so there is no way this info can be secure,here in Pa. the DOT has already “lost” a bunch of the new secure,unhackable drivers licences(Ahemmm,gag.. hack….) and they are now taking biometric pics of your face here,and they are converting all previous drivers license photos to enhanced boimetrics at about 12000 a day as I understand,so it’ll be all done before too long, the trick is to make it illegal to use these photos,and that is where we have been making some progress.
I was invited to speak at a meeting this weekend (of activists,constitutional scholars,teachers,theologians,alternative energy people,gun rights folks and ect.maybe even a poly-tick or two) that will be held Sat. and speak about NAIS what it is and how it relates to real ID and its effects on farming/homesteading.
It should be a good time, I enjoy doing that and educating the “educators” on this subject as modest as my speaking/teaching abilitys may be,I at least like to try to expose this BS to people and make them aware.Wish me luck and pray,thanks!
Anyhow as always thanks Walter for what you do and all of you who are fighting the good fight!
“Live free or die tryin”
Comment LEE — August 14, 2008 @ 10:23 am