Wednesday, August 06, 2008

ePassports cloned in less than an hour

The Times is running an exclusive this morning saying that it has had a security expert clone an e-passport in less than an hour and inject an image of Osama Bin Laden onto it which then passed the scanner check as the genuine article.

I'm not quite sure how exclusive such a story is as the ePassport technology was hacked sometime ago, and the methods that would have been used for this latest cloning would have been an extension of the original code injection flaws that were found I imagine.

Still, it does put into focus, quite sharply in fact, that when Government ministers and officials claim that things are uncrackable they're asking for trouble.

6 comments:

Fitaloon said...

I see a company in the good ol' USA is in trouble as well for having lost data which was not encrypted. Considering the system was called "Clear" makes it obvious why the data was not encrypted.

anthonynorth said...

Your last line suggests a new term:

Titanic Tech

Anonymous said...

Inspired by your earlier post about the stolen passports, I created this little Photoshop picture.

It was meant to be a joke, honest!

Anonymous said...

If this is true then it suggests that the Passport Agency's private key has been leaked. That's the only way passports could be digitally signed like the 'genuine article'.

The implication of this is that all UK e-passports are compromised!

Old BE said...

ID cards will be unhackable!

Anonymous said...

I have come to the conclusion that I don't believe almsot every claim made by any member of this appalling government.

My reasoning is that since none of the ministers are experts at anything, least of all the departments they are nominally in charge of, how can they be expected to say anything other than what is either politically expedient or what they have been told to say.

Why we listen to any of them defies logic...

In the world of software, there is no such thing as uncrackable. Perhaps ministers should start their though process from this basic truth before uttering meaningless assurances, not to mention the commitment of billions of taxpayers money on daft schemes.