Worrying sign of things to come...
Published: 4 August 2006 15:55 BST
News that attendees at a US hacking conference have seen a demonstration of how to clone a digital passport has raised fresh concerns about the security of proposed new forms of ID and travel documents.
A hacker called Lukas Grunwald showed attendees at the Las Vegas Black Hat convention how to clone passports, using a German passport for his demonstration. However, standardisation across ePassports means the exploit would work on any other passport which uses RFID chip technology to store details of the individual - such as those now being issued in the UK or US - and was carried out using freely available technology.
According to security guru Bruce Schneier, Grunwald's job was made all the more easy by the publication of standards for ePassports on the website of the International Civil Aviation Organisation.
Simon Perry, VP security strategy at CA and a member of the European Network and Information Security Agency, told silicon.com that if people can crack the security on bank cards then it was inevitable, in time, they would find a way to do the same with passports.
The biggest problem, Schneier wrote on his blog, is that passports will have a shelf-life of 10 years, during which time the technology will not only become antiquated but will almost inevitably be overtaken in sophistication by the methods for cracking it.
Eyeing up ePassports?
Check out this photo story for pictures of the new look UK travel document.
Schneier wrote: "A passport has a 10-year lifetime. It's sheer folly to believe the passport security won't be hacked in that time."
The UK is currently in the process of rolling out ePassports which store biometric data about the holder on a chip.
Because CA's Perry said RFID chips can increasingly be read surreptitiously, often from distances far greater than the six inches which designers originally claimed, he suggested the security conscious might like to consider investing in a metal cigarette or cigar case large enough to hold their passport.
Doesn't say _what_ was cracked. If the informatio...
Evan M
Cloning is the real risk:
So, when you leave y...
Richard
I have just been issued with one. The photo is fuz...
Fergus
I have just been issued with one. The photo is fuz...
Fergus
Please explain what was "cracked". As far as I kn...
Johnny Mnemonic
Within your team you will work on projects tackling highly complex and business-critical issues in the supply-chain arena and have the opportunity to ...
Project Manager / Senior PM - Blue Chip Salary: 55-65K + blue-chip benefits (depending on experience) The role as a Project Manager / Senior PM - ...
Computer People are currently recruiting on behalf of a large Blue Chip client for a part-time Project Co-Ordinator to be based on their Loughborough ...
Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Nick Heath
Next stop HMRC: How TfL CIO will shake up the taxman
Interview: Phil Pavitt, CIO Transport for London, on making IT boring
Gary Bettis
Public sector CIOs: It's your time to shine
Comment: Efficiency programme offers big challenges and opportunities
Gary Lynch
How e-coding can prevent NHS slip-ups
Barcodes to run in their blood
silicon.com
Inbox: Chip and PIN latest big IDea - and still no readers
"PIN numbers do not present much of a challenge to a determined crook"
Jo Best
From army officer to IT chief - CPS CIO David Jones
Profile: What IT and the military have in common
silicon.com
Inbox: Government IT ignoring red lights?
"The civil servants who specify these projects are not competent technically"