e-Passports are Insecure

by on August 11, 2008 · 4 comments

Sometimes, items come across my desk(top) that are almost too obvious to make note of, but it’s probably worthwhile to highlight the e-passport.

They are insecure.

Adam Laurie and Jeroen van Beek, at the Black Hat security conference in Las Vegas, showed the Business Technology Blog how to capture and change information stored on chips included in new passports from many countries. . . . Laurie showed us his son’s British passport, in which he embedded a chip that displays Osama Bin Laden’s photograph. The passports have a key needed to access the electronic information, but it is taken from information found in the passport like the date of birth. Laurie was able in about four hours to decipher the key and use an RFID scanner to steal the digital information from a passport contained in a sealed envelope.

The State Department implemented the e-passport with no sense of the ends it was trying to achieve. Naturally, the means it chose weren’t well suited.

Though I don’t think you’re going to cost-effectively stop or slow terrorism at the borders, Customs and Border Patrol may be less able to interdict bad people at the borders because of the e-passport misadventure.

Previous post:

Next post: