Feeds

back to article E-passport security flaw allows remote ID of nationality

Security researchers have discovered a technique for reliably detecting the presence and nationality of a nearby e-passport. Most newly issued passports carry an embedded RFID containing digitally signed biometric information. Access to this chip is wireless, which introduces a security risk, the possibility that an attacker …

COMMENTS

This topic is closed for new posts.
Bronze badge
Coat

Shielded passport wallet, anyone?

I'm reminded of a recent movie called "Xchange" (http://www.imdb.com/title/tt0242150/plotsummary)

0
0
Silver badge
Black Helicopters

At least US passports do the "right thing"

And have built in shielding.

Me? A properly placed hammer blow ought to work nicely. Probably not too detectable until you attempt to 'read' the information. Then "ooops, it doesn't work!".

Are they circling yet?

0
0

This could be really nasty

Leave your IED in some likely place where lots of people go past it all the time. Nothing will happen until one of those bastards from [insert unlucky nationality here] shows up then WOOM.

0
0
Alert

Some mistake surely?

Surely our security/terror/id boffins wouldn't get the BASICS wrong, would they?

0
0
Stop

Puh-lease

Detect the nationality of a passport from a range of 25cm? Wow. When I was last at an airport (not T5 thank goodness), I used my eyes and successfully decoded the non-encrypted national emblem on the front of half a dozen passports belonging to people in various queues at a range of far greater than 25cm. And I wasn't even trying hard.

0
0
Mat
Coat

@ Herby

Or just bung it in the microwave for a while..

0
0
Alert

@ some mistake surely?

Yes, they would. Don't they ALWAYS? (Answer - Yes!)

0
0
Anonymous Coward

<no title>

The right thing is not to create a problem, such as broadcasting a person's private details, that will require a sheilding solution, in the first place.

0
0
Go

Re: such as broadcasting a person's private details

Well then it would mean no RFID, where would the fun and profit come from. RFID is so cool we should put it in everything. Combine RFID with IPv6 and have RFID readers everywhere then you have a proper fully connected world. Google Earth you could zoom in to someones passport or shopping basket or home webcam. Imagine that.

0
0
Bronze badge
Black Helicopters

Tinfoil hat

I just hope the double layer of tinfoil in my leather passport holder actually works.

0
0
Thumb Down

No defense for RFID

Don't you think it's patently rediculous to use a broadcasting device, and then have to shield it again?

I'm still entirely unclear why a passport has to carry so much extra data in the first place.

0
0
Boffin

Passport nationality?

Does it differentiate diplomatic passports from non-diplomatic ones? ... that dosent seem to be covered here. Who actually issues them?

0
0
Coat

Some mistake surely?

Yes they would - and don't call me Shirley.

Bdum Tsh!!

Coat/Hat/Passport/Taxi........

0
0
Black Helicopters

what about scanning baggage for passports

what's stopping immigration from scanning your bags looking for your other passports (if you have dual nationality etc.)

0
0

American Passports...

..."shielded as an _alternative_ to BAC"? (my emphasis)

So, American passports don't bother to a) provide for a security mechanism for establishing communications, and b) don't encrypt comms either.

IOW, they're really even more shit than ours. I bet the shielding was an afterthought, when someone realised there were no "safeguards" for the RFID.

If passports have any form of passive indirect communication, they should be both shielded *and* use encrypted communication.

I really can't see a significant advantage in using "contactless" technology for an item that is expected to be handled by an official, where the option to swipe or otherwise connect the passport to a reader exists.

0
0
Stop

nonissue

If you don't want others to see what your passport says, buy a cover or keep it in your pocket.

If you are worried that someone is interested enough in knowing your nationality to hang about <somewhere> collecting that information, make a tinfoil bag.

Gosh - that was hard!

0
0

Lost the plot.

When I get home my passport is going straight in the microwave!

If I say that outloud I'm sure my co-workers will think I've flipped...

0
0
Silver badge
Black Helicopters

Haha, I'm not scared...

I keep my passport under my tin-foil hat!

0
0
Boffin

Scramble, don't block

Tin foil? They can just wang up the receiver sensitivity. Instead, pop an Oyster card inside. Both use ISO14443A protocols at the same frequency so neither can be read while they're together.

0
0

Well flipping duh

It's stuff like this that proves what a stupid mistake it was to put RFID in passports in the first place! Add wireless to the system, oh yeah! That'll make it more secure.

0
0
Flame

Other shield types include...

...a metal MESH - faraday's cage :D

...lead - poisonous if not coated in something nice like leather, but a fantastic up yours to radio signals

Icon cos if someone tried to nick my identity I would happily watch them suffer hell.

0
0
This topic is closed for new posts.