UK RFID Passports Cracked Already

from the feeling-safer? dept

There’s been an odd rush by governments to move to RFID passports, even though there are serious concerns about how secure they really are. Over in the UK, where many RFID passports are already in use, a security researcher and a reporter were able to crack some aspects of the passport. It is, admittedly, a limited crack, but it could potentially be used to make a clone RFID chip for a counterfeit passport. While the UK government claims this crack is no big deal, you’d have to think that it shouldn’t take long for other problems to show up as well. What seems pretty clear from the description is that the implementation was done without all that much thought given to the security side of the equation. We’re not as down on RFIDs as some people are — but with all the questions about security and privacy issues, you would think that officials would have been extra careful before sticking them in something such as a passport. Apparently not.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “UK RFID Passports Cracked Already”

Subscribe: RSS Leave a comment
ehrichweiss says:

Re: Why RFID?

Smart cards are more hackable than RFID is. If you want proof of this you have to look no further than the efforts of the satellite hacking community as they have been hacking smartcard technology for about 10 years now. There are hacks for the Kinkos/Fedex smartcards and I’m quite sure there are hacks for Visa/Mastercard’s with the smartchips in them as well even if I haven’t seen one(thanks to the DMCA, nobody’s gonna admit they know it can be done).

So no, I don’t think we should move to smart cards either.

Forrest says:

Re: Re:

First thing Bob, just in case you’re kidding ha, ha, ha

But with the frightening likelihood that you are serious: Yes, lets build ourselves into a frightened isolationist state, afraid to step outside of our door for fear of all the bad people out there. Lets be that crazy lady who never lets anyone into her house and lives in her own filth and waste and paranoia untill three years later her neighbors break down the door because the smell is starting to bother them. Lets stagnate inside of our own borders as the world moves on without us. Think for a moment how well isolating themselves worked for Japan, China, etc. In the unlikely event that we do something so cowardly and foolish I’m the first out of the country Bob. And stop blaming the enviromentalists for everything, it’s thanks to them you don’t need a gas mask to go for a walk and can actually catch fish in the wild anywhere.

Anonymous Coward says:

Re: Re:

Well, “Bob”…

Theres this thing called “gains from trade..”

Certainly, could be self-sufficient..

But do you want to pay $3000 for a mid-range computer, or $30 for a new cheap t-shirt, or $5 for one new pair of underwear?

Everything that is manufactured overseas is done so because its cheaper, and most things are. The few that are ‘manufactured’ here are really just assembled here; the input components were forged elsewhere in most cases. And the inputs for those inputs? Probably made elsewhere too.

But asking a six-pack Bob to consider meaty issues like international trade, CPI, and inflationary pressures is a lot, I know, especially for a Saturday. Go back to the TV and stop voting.

Anonymous Coward says:

Re: Re: Re:

And just to follow up to my self.. There’s a huge array of things that admittedly might be designed here but are manufactured elsewhere. Every large-cap company in the United States is a multinational. If the ‘close the borders’ crowd ever got enough idiots in congress, the very next day they’d have to deal with the realization that things like jet engines are suddenly impossible to fix, many computer components are impossible to replace, a lot of scientific equipment can be designed but not acquired repaired or replaced. Most of our retail stores would empty themselves without replacements, and with no inventory to sell, they’d close. Consumer confidence would be destroyed, so those factories you might think, Bob, that would spring up to fill the needs of the US, they’re too busy either trying to adjust to the huge supply shock or closing their doors as the elite businessmen and woman of the country flee to other countries not run by idiots so that they can make money elsewhere. And because there would be no demand for their stuff, since, well, like I said, retail stores would close years before the capital stock of the country could retool for such purposes.

Not to even mention the number of high-paying highly trained professionals that would have to be retasked to menial factory labor to replace the untrained automaton Chinese that were doing our dirty work for next to free beforehand.

all in all, yep, great plan “Bob”.

Anonymous Coward says:

Re: Re:

I hope deep in my heart that you are kidding, bob. What do we have then? Any isolationist regime is going to quickly turn into communism/fascism/dictationship, since with no way for the UN etc to sanction us or impose human rights thingys on us, the government would go corrupt faster than a hard drive near a magnet. Since no one could leave, everyone would want to, and the only way to stop that would be oppression. What happens to our life, liberty, and pursuit of happiness then? It all goes down the f***ing drain, to crooks like bush and rumsfeld.

Forrest says:

Re: Re: Re:

It sounds like you’re joking Rico, because that statement doesn’t make any sense, but from your link you seem to be serious…

Why on earth would we (I consider myself an enviromentalist) want to be “punishing success and hurting American business”? Surely preserving our enviroment from turning into one big parking lot/dumping ground/barren wasteland is a worthy goal all by itself. I can understand a lot of argument about enviromentalism, but this one is honestly really dumb…

Anti_Anonymous_Coward says:

Give it a rest

Nice to see you have it all figured out AC. I will bet that Greenspan wishes he had your expertise during his tenure so he could have managed this $10+ trillion economy with the same certainty in cause effect that you seem to posess. At least Forrest gave us an amusing visual. You merely gave us an insight into how pathetic one sounds when his life his limited to cruising bulletin boards offering posts to compensate for the fact that nobody he knows gives a rats’ a$$ what he has to say.

Thanks for your opinion Bob…

Guy says:

Cant you just ask people the 3 most important questions anymore

Did you pack your bnags yourself?
Have your bags been in your posesion the whole time?
Has anyone asked you to take anything on board?

Queestion 1- Unless your a child who else is going to pack your bags?

Question 2- Becasue im sure there are lots of people leaveing their luggage full of all the clothes and personel itmes just sitting around

Question 3- Seriosuly if someone came to you and said please take this on the plane with you are you seriously going to f-ing do it?

coolhandw says:

Re: Guy Nov 18th

The plane that went down over Lockerby, Scotland was the result of a gulible person accepting a “radio” to carry for a “friend”. Only the radio was a bomb. Hence question number 3. Sadly there are evil people in the world and gulible people travelling for the first time who have not thought about the security implications of their actions. As silly as the questions sound, they served their purpose of raising the awareness of the population.

Chris says:

Electronics always fail

With any security measure there’s always a way around it. Security is not prevention, it’s postponment. In todays world everything is secured by encryption, and it’s just a matter of putting the effort into devising a way to crack that encryption. To get around most encryptions it would take more time and money than it’s worth for the reward you might get if your successful, and that’s the only real deterrant.

supercat (user link) says:

Can someone explain any reason why a contactless RFID system would be more secure than a contact-based system? Many existing implementations of contact-based systems are flawed, but a new implementation designed to use RFID would by just as likely to have flaws as a new contact-based system. Since contact-based devices can use more electrical power than RFID systems, they could use more sophisticated encryption schemes. Further, contact-based devices are far more immune to RF snooping.

So what’s the advantage of RFID systems?

Also, I’m a bit confused as to the difficulty of making a secure system. What security weaknesses would exist with the following:

(1) Factory creates RSA chips, each with a unique hard-coded id, private key, and public key. The factory keeps a list of the id’s and public keys; the private keys are destroyed after the chips are manufactured and are handled in such fashion as to ensure their destruction.

(2) When a user goes to perform a transaction, his ID is read out and used to access the key database. The public key, or a cryptographic hash thereof, is retrieved and compared with that in the chip.

(3) Next the reader generates a random string, encrypts it with the public key, and sends it to the chip. The chip decrypts it with its private key and sends it back.

Assuming a decent length of key is used, how could this system be attacked?

LJSeinfeld (profile) says:

RFID vs SmartCards

For the record… (at least as it applies to satellite tv) the encryption on the smart cards was never defeated. Access to the sensitive parts of the card was achieved by “glitching” the card with commands @ different timing and subjecting the chip to different voltages than the card was originally designed for. After awhile, the card would “puke” and then ATR — once the card ATR’d you were in– and could read / write to the chip with normal commands.

New smartcards have clock timing functions on both the inside and outside of the secure part of the card making glitching pretty-much useless…

RFID technology is neat, and potentially useful for many things, but being RF, it lends itself to too many other useful things that the holder of the device may be unaware of.. like tracking movements, seeing what item on a given store display was picked up / put down, etc.

I’d imagine that it would not belong before people would be able to construct an “American” (or insert the nationality of your choice) detector that could identify the presence of an American in a crowd full of people, and then help to ferret them out. (not to go all “tinfoil hat” on you or anything).

There has to be a better and less-intrusive way…

toxiccom says:

Re: Re:

really, get rid of the passport , everything should be in ur fingerprint, multypass credit cards banking lets get it over and done with, I would want to pay and travel with my finger, sometimes 10….privacy still exsists? what would that be, that u don’t do anything… tel is big brother! so if u dont call and dont surf on the web, dont spend money with ur credit card and surely dont travel dont work, u will have little data if anyone wants to check on u which isnt likely in a 6bi. world

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...