Anyone who has recently got a new passport will be aware that it now contains biometrics as well as an RFID chip and aerial. This allows the passport to be scanned quickly and is, at least theoretically, the model that Government plans to use for its ID cards scheme if it ever comes to be.
Just in case you were wondering, the technology has been successfully broken into and manipulated to the point that the equipment used to scan the passport can be easily crashed by a buffer overrun. A buffer overrun, for those wondering, is where a bug in code allows data to be written past the end of the space in memory that was allocated to hold it.
The implication of finding an overrun that can crash the system is that with a little work the overrun can be exploited to execute an attacker's code on the equipment and take control of it. Think about this in relation to ID cards. If you can alter the card and make it exploit a flaw in the reader system so that it "passes" the scanning check, then they're not going to do much to protect against ID theft, are they? You could be whoever you wanted to be!
Update: Above link has been fixed to point to the actual Wired article about this issue.
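To make the overrun described above concrete, here is an added example (not code from the post or from any real reader) contrasting a field parser that trusts a length byte from the card with one that validates it. The record layout, buffer size, function names and sample records are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_CAP 32  /* constructed size of the reader's fixed buffer */

/* Assumed record layout (illustrative): [1-byte length][length bytes].
 * Unsafe pattern: trusts the length byte supplied by the card. Any value
 * above FIELD_CAP writes past the end of out[], which is the overrun. */
void read_field_unchecked(const uint8_t *rec, uint8_t out[FIELD_CAP])
{
    memcpy(out, rec + 1, rec[0]);
}

/* Hardened pattern: the card is untrusted input. Returns bytes copied,
 * or -1 when the record is rejected. */
int read_field_checked(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < 1)
        return -1;
    size_t len = rec[0];
    if (len > rec_len - 1)  /* claims more data than was actually read */
        return -1;
    if (len > out_cap)      /* would not fit the destination buffer */
        return -1;
    memcpy(out, rec + 1, len);
    return (int)len;
}

/* Constructed sample records, not captured from any real document. */
static const uint8_t VALID_REC[] = {5, 'S', 'M', 'I', 'T', 'H'};
static const uint8_t SHORT_REC[] = {200, 'A', 'A', 'A', 'A'}; /* truncated */
static const uint8_t LONG_REC[41] = {40}; /* complete, but 40 > FIELD_CAP */

/* Feed a record to the checked reader using a FIELD_CAP-sized buffer. */
int scan(const uint8_t *rec, size_t rec_len)
{
    uint8_t out[FIELD_CAP];
    return read_field_checked(rec, rec_len, out, sizeof out);
}

int main(void)
{
    printf("%d %d %d\n", scan(VALID_REC, sizeof VALID_REC),
           scan(SHORT_REC, sizeof SHORT_REC), scan(LONG_REC, sizeof LONG_REC));
    return 0;
}
```

The checked reader rejects both malformed records instead of crashing, which is the behaviour a scanner needs when the card itself may have been altered.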
6 comments:
It's got the RFID chip and aerial alright, but no biometric info as yet - just your photo and the biographical info printed in the passport.
A reminder, though, to renew your existing passport now - and you'll have until 2018 (with 9 months' allowance on your existing passport) before you have to give all ten fingerprints to the government like a common criminal.
As for the addition of Welsh and Gaelic versions of the inside cover script, given that there are now more speakers of Pashtu, or Urdu, or Arabic in the UK than Gaelic, one wonders how long it will be before these languages are added and our Britannic Passport comes to resemble a leaflet from the GLA.
Home Office says that they've been trialling biometrics for two years in that link.
But see the section headed 'What information is stored on the chip?'
Also, the procedure for renewing a passport is still just to hand in your old passport with a form and new photos - no requirement to attend a biometrics centre as yet.
I've no doubt that you are correct in that biometrics are already being trialled - the spyblog is right up to date on this - but we still have a brief window of opportunity to buy ourselves a breathing space.
Ah.. Our old friend the "buffer overrun"... I didn't realise that HMG were using Micro$oft to write the passport system - it's almost been their trademark over the years! :-)
"You could be whoever you wanted to be!"
I call Chuck Norris!
One passport + one large mallet = no overflow problem.