However, the passport service said the stolen documents could not be used by thieves because of their hi-tech embedded chip security features.... The passports were the new electronic variety which contain a chip replicating the data printed on the document itself. The Identity and Passport Service said the security features would make them unusable on the black market.Would those be the security features that German security expert, Lukas Grunwald manage to hack some time ago by any chance?
Tuesday, July 29, 2008
Passports stolen but are "unusable"?
The report on the BBC this morning is that the Foreign Office have had 3000 passports and visa stolen. I did enjoy the bit that said
Subscribe to:
Post Comments (Atom)
9 comments:
Yep, those are the ones.
The claim that the passports are 'unusable' is clearly nonsense.
They might not be usable for travel, but there are loads of uses for a dodgy passport as a false government-issued ID at places that almost certainly don't check the electronic chips. Like buying mobile phones on contract. Or obtaining other identity documents. Or passing through a security check.
The ones with the RFID bit which is only guaranteed for two years when the passport has a lifespan of ten? The chips which use a similar technology to London's crappy Oyster system?
I feel safe.
And it's not compulsory for every border check point to actually have the e-passport reader, is it?
I was greatly amused by Grunwald's hack that sabotages any attempts to read it by code injection.
See here for details.
Of course not. Our government are full proof -- don't you know...
Quis custodiet ipsos custodes?
There are lots of uses a passport can be put to that don't need the security chip. Banks, for example, use passports as ID for opening accounts and moving large amounts of money, but they can't read the chip.
Typically, our home office only thinks of a passport how they use it.
I assume that these passports will have to have some sort of digital signature on a hash of the personal details before the electronic parts function properly, and that the government believes that the signature key is still secure.
How long the key will remain secure is a very interesting question. The current hack is not relevant as that should not reveal the key (unless they have really ******* up the implementation), but it's hard to believe it's all that secure.
First, passports don't use the same technology as the Oyster system. Oyster uses Mifare memory cards, now well and truly compromised, so system level security measures have to be relied on. Passports use a microprocessor chip capable of strong security functions, but unfortunately govt overdid it again by telling us all about the security before they had managed to implement more than a little bit of it (on the chip and in the systems). They are still not going to implement the system level functions needed to allow us to electronically verify a passport.
Post a Comment