Sign in / up

back to article E-passport security flaw allows remote ID of nationality

Security researchers have discovered a technique for reliably detecting the presence and nationality of a nearby e-passport. Most newly issued passports carry an embedded RFID containing digitally signed biometric information. Access to this chip is wireless, which introduces a security risk, the possibility that an attacker …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Roger Stenning
    Coat

    Shielded passport wallet, anyone?

    I'm reminded of a recent movie called "Xchange" (http://www.imdb.com/title/tt0242150/plotsummary)

    0 0
  2. Herby
    Black Helicopters

    At least US passports do the "right thing"

    And have built in shielding.

    Me? A properly placed hammer blow ought to work nicely. Probably not too detectable until you attempt to 'read' the information. Then "ooops, it doesn't work!".

    Are they circling yet?

    0 0
  3. Joe Harrison

    This could be really nasty

    Leave your IED in some likely place where lots of people go past it all the time. Nothing will happen until one of those bastards from [insert unlucky nationality here] shows up then WOOM.

    0 0
  4. Anonymous Coward
    Alert

    Some mistake surely?

    Surely our security/terror/id boffins wouldn't get the BASICS wrong, would they?

    0 0
  5. Mister Cheese
    Stop

    Puh-lease

    Detect the nationality of a passport from a range of 25cm? Wow. When I was last at an airport (not T5 thank goodness), I used my eyes and successfully decoded the non-encrypted national emblem on the front of half a dozen passports belonging to people in various queues at a range of far greater than 25cm. And I wasn't even trying hard.

    0 0
  6. Mat
    Coat

    @ Herby

    Or just bung it in the microwave for a while..

    0 0
  7. dervheid
    Alert

    @ some mistake surely?

    Yes, they would. Don't they ALWAYS? (Answer - Yes!)

    0 0
  8. Anonymous Coward
    Anonymous Coward

    <no title>

    The right thing is not to create a problem, such as broadcasting a person's private details, that will require a sheilding solution, in the first place.

    0 0
  9. Wayland Sothcott
    Go

    Re: such as broadcasting a person's private details

    Well then it would mean no RFID, where would the fun and profit come from. RFID is so cool we should put it in everything. Combine RFID with IPv6 and have RFID readers everywhere then you have a proper fully connected world. Google Earth you could zoom in to someones passport or shopping basket or home webcam. Imagine that.

    0 0
  10. druck Silver badge
    Black Helicopters

    Tinfoil hat

    I just hope the double layer of tinfoil in my leather passport holder actually works.

    0 0
  11. Anonymous Coward
    Thumb Down

    No defense for RFID

    Don't you think it's patently rediculous to use a broadcasting device, and then have to shield it again?

    I'm still entirely unclear why a passport has to carry so much extra data in the first place.

    0 0
  12. Michael
    Boffin

    Passport nationality?

    Does it differentiate diplomatic passports from non-diplomatic ones? ... that dosent seem to be covered here. Who actually issues them?

    0 0
  13. Kane
    Coat

    Some mistake surely?

    Yes they would - and don't call me Shirley.

    Bdum Tsh!!

    Coat/Hat/Passport/Taxi........

    0 0
  14. Anonymous Coward
    Black Helicopters

    what about scanning baggage for passports

    what's stopping immigration from scanning your bags looking for your other passports (if you have dual nationality etc.)

    0 0
  15. Steve Foster

    American Passports...

    ..."shielded as an _alternative_ to BAC"? (my emphasis)

    So, American passports don't bother to a) provide for a security mechanism for establishing communications, and b) don't encrypt comms either.

    IOW, they're really even more shit than ours. I bet the shielding was an afterthought, when someone realised there were no "safeguards" for the RFID.

    If passports have any form of passive indirect communication, they should be both shielded *and* use encrypted communication.

    I really can't see a significant advantage in using "contactless" technology for an item that is expected to be handled by an official, where the option to swipe or otherwise connect the passport to a reader exists.

    0 0
  16. Edwin
    Stop

    nonissue

    If you don't want others to see what your passport says, buy a cover or keep it in your pocket.

    If you are worried that someone is interested enough in knowing your nationality to hang about <somewhere> collecting that information, make a tinfoil bag.

    Gosh - that was hard!

    0 0
  17. Rob Elliott

    Lost the plot.

    When I get home my passport is going straight in the microwave!

    If I say that outloud I'm sure my co-workers will think I've flipped...

    0 0
  18. Steve Evans
    Black Helicopters

    Haha, I'm not scared...

    I keep my passport under my tin-foil hat!

    0 0
  19. Alan Dente (Firm to the byte)
    Boffin

    Scramble, don't block

    Tin foil? They can just wang up the receiver sensitivity. Instead, pop an Oyster card inside. Both use ISO14443A protocols at the same frequency so neither can be read while they're together.

    0 0
  20. jeremyduffy.com

    Well flipping duh

    It's stuff like this that proves what a stupid mistake it was to put RFID in passports in the first place! Add wireless to the system, oh yeah! That'll make it more secure.

    0 0
  21. David Perry
    Flame

    Other shield types include...

    ...a metal MESH - faraday's cage :D

    ...lead - poisonous if not coated in something nice like leather, but a fantastic up yours to radio signals

    Icon cos if someone tried to nick my identity I would happily watch them suffer hell.

    0 0
This topic is closed for new posts.