Hackers crack new biometric passports

Discussion in 'Current Affairs, News and Analysis' started by armchair_jihad, Aug 7, 2006.

Welcome to the Army Rumour Service, ARRSE

The UK's largest and busiest UNofficial military website.

The heart of the site is the forum area, including:

  1. Hi-tech biometric passports used by Britain and other countries have been hacked by a computer expert, throwing into doubt fundamental parts of the UK's £415m scheme to load passports with information such as fingerprints, facial scans and iris patterns.

    Speaking at the Defcon security conference in Las Vegas, Lukas Grunwald, a consultant with a German security company, said he had discovered a method for cloning the information stored in the new passports. Data can be transferred onto blank chips, which could then be implanted in fake passports, a flaw which he said undermined the project.

    The revelation also casts another shadow over the government's plan for a national ID card, which would contain much of the same information.

    Article in full


    For those not in the know the Defon conference is the worlds no. 1 black hat and white hat security conference, if they can hack it then numerous teenagers in Russian bedrooms can as well.

    Not safe stop it - obviously a sales man will convince new Lab otherwise.
  2. You mean Labour supporters who are only looking for some small recognition for all the support they've shown will no longer want Bliar to award them the contract, nor will they want the Knighthood. Still, no doubt they can keep the tens of millions spent on the viability project.
  3. I know Lukas , and if he says it has happened or can be done, you can guarantee it. Loving your work with RfID Lukas ;)

    The back bedroom analogy is a good one, and frankly , this is going to be an extremely lucrative way for technology aware criminals (or their kids) to make large sums of money.
  4. It was only ever going to be a matter of time. Nothing the Government does IT wise ever works!
  5. Can the chips in these passports be read from a distance? I read that this feature was being planned so that your passport could be 'read' without having to physically hand it over. The theory is that this would reduce waiting times at the immigration desk as well as reducing hassle for identity thieves who'd just need to pass close to you to steal your ID.

    Also convenient for suitably equipped suicide bombers who can tell how many Yanks, Brits or Israelis are on the bus before pressing the button.
  6. Ancient_Mariner yes they can, the Govt say that only from a few feet (after all thats what the nice salesman told them) Dutch tests show that they can be scanned from at least 100 feet. Fortunetly our Govt knows what it is doing so there won't be collosal theft of ID's by remote scans. Phew!
  7. Yes and yes.
    That is exactly the problem.


  8. There's only one thing to do then. I'll be keeping my biometric passport under my tin foil hat from now on!
  9. "Data can be transferred onto blank chips, which could then be implanted in fake passports"

    Would the hacker be able to change the data or would this be like having some one elses photo on your fake driving licence? - easy to spot by the eagle eyed immagration bods.
  10. New it would only be a matter of time.

    Nothing can stop it, were money involved it is sure to happen.
  11. Goatman

    Goatman LE Book Reviewer

    I reluctantly parted with my old passport recently and received a new one very promptly ( at an exorbitant cost)

    My shiny new British Laissez-passer contains a sealed electronic device with an antenna. I am not aware that I've ever voluntarily submitted to either finger printing or Retina scanning.

    So....this is an emitter yes ?

    and at what range can it be detected ? And this is a Neue Arbeit initiative ?

    hmmm.....think I might accidentally have it in my pocket when I go for an MRI scan at some stage......

    Le Chevre
  12. Good point. I wonder how long it will be until a new offence of mucking about with your passport/id card comes onto the books.

    I wonder what would happen if your your all singing all dancing card was accidentaly exposed to a strong magnetic field and then didn't work.

    Could you perhaps be able to sue someone when you can't travel/buy your prescription/whatever.....

    Might be another moneyspinner for Sue, Grabbit & Run.
  13. As I read it, they can only read the data and put an exact copy on the fake passport. Depending on what data there is on there (photo?) that probably won't do them a whole lot of good.
  14. That's only true if your face and/or biometric data is checked against the passport photo and/or stored data at the point of entry.

    If the photo is compared by a customs officer as you enter (as they did the last time I went through immigration into the UK) then the data on the chip is redundant. Face recognition technology does not yet work sufficiently accurately to do it automatically, indeed the delays caused by pulling those who need manual checking out of line may well take more time than doing it the old fashioned way. And annoy a lot of people.

    If you check the biometric data you run into the problem that the technology is pretty unreliable, generating lots of anomalies that need to be resolved by a human. Imagine getting a 10% failure rate as an A380 tips up - not a pretty thought. Again, lots of hassle.

    The reality is though that for this to be at all practical it has to be automated. Which means that a fake passport can be used with impunity, and manual checks will be few and far between.