Security researchers have discovered a technique for reliably detecting the presence and nationality of a nearby e-passport. Most newly issued passports carry an embedded RFID containing digitally signed biometric information. Access to this chip is wireless, which introduces a security risk, the possibility that an attacker …
Shielded passport wallet, anyone?
I'm reminded of a recent movie called "Xchange" (http://www.imdb.com/title/tt0242150/plotsummary)
At least US passports do the "right thing"
And have built in shielding.
Me? A properly placed hammer blow ought to work nicely. Probably not too detectable until you attempt to 'read' the information. Then "ooops, it doesn't work!".
Are they circling yet?
This could be really nasty
Leave your IED in some likely place where lots of people go past it all the time. Nothing will happen until one of those bastards from [insert unlucky nationality here] shows up then WOOM.
Some mistake surely?
Surely our security/terror/id boffins wouldn't get the BASICS wrong, would they?
Detect the nationality of a passport from a range of 25cm? Wow. When I was last at an airport (not T5 thank goodness), I used my eyes and successfully decoded the non-encrypted national emblem on the front of half a dozen passports belonging to people in various queues at a range of far greater than 25cm. And I wasn't even trying hard.
Or just bung it in the microwave for a while..
@ some mistake surely?
Yes, they would. Don't they ALWAYS? (Answer - Yes!)
The right thing is not to create a problem, such as broadcasting a person's private details, that will require a sheilding solution, in the first place.
Re: such as broadcasting a person's private details
Well then it would mean no RFID, where would the fun and profit come from. RFID is so cool we should put it in everything. Combine RFID with IPv6 and have RFID readers everywhere then you have a proper fully connected world. Google Earth you could zoom in to someones passport or shopping basket or home webcam. Imagine that.
I just hope the double layer of tinfoil in my leather passport holder actually works.
No defense for RFID
Don't you think it's patently rediculous to use a broadcasting device, and then have to shield it again?
I'm still entirely unclear why a passport has to carry so much extra data in the first place.
Does it differentiate diplomatic passports from non-diplomatic ones? ... that dosent seem to be covered here. Who actually issues them?
Some mistake surely?
Yes they would - and don't call me Shirley.
what about scanning baggage for passports
what's stopping immigration from scanning your bags looking for your other passports (if you have dual nationality etc.)
..."shielded as an _alternative_ to BAC"? (my emphasis)
So, American passports don't bother to a) provide for a security mechanism for establishing communications, and b) don't encrypt comms either.
IOW, they're really even more shit than ours. I bet the shielding was an afterthought, when someone realised there were no "safeguards" for the RFID.
If passports have any form of passive indirect communication, they should be both shielded *and* use encrypted communication.
I really can't see a significant advantage in using "contactless" technology for an item that is expected to be handled by an official, where the option to swipe or otherwise connect the passport to a reader exists.
If you don't want others to see what your passport says, buy a cover or keep it in your pocket.
If you are worried that someone is interested enough in knowing your nationality to hang about <somewhere> collecting that information, make a tinfoil bag.
Gosh - that was hard!
Lost the plot.
When I get home my passport is going straight in the microwave!
If I say that outloud I'm sure my co-workers will think I've flipped...
Haha, I'm not scared...
I keep my passport under my tin-foil hat!
Scramble, don't block
Tin foil? They can just wang up the receiver sensitivity. Instead, pop an Oyster card inside. Both use ISO14443A protocols at the same frequency so neither can be read while they're together.
Well flipping duh
It's stuff like this that proves what a stupid mistake it was to put RFID in passports in the first place! Add wireless to the system, oh yeah! That'll make it more secure.
Other shield types include...
...a metal MESH - faraday's cage :D
...lead - poisonous if not coated in something nice like leather, but a fantastic up yours to radio signals
Icon cos if someone tried to nick my identity I would happily watch them suffer hell.