Hackers crack new UK Passports, same tech as ID cards

Discussion in 'Current Affairs, News and Analysis' started by armchair_jihad, Nov 17, 2006.

Welcome to the Army Rumour Service, ARRSE

The UK's largest and busiest UNofficial military website.

The heart of the site is the forum area, including:

  1. RFID chips in your passport cracked - the same technology that is going into ID cards A major win for terror and crime.

    Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did (we) find it so easy to break the security codes?

    "I was amazed that they made it so easy, the information contained in the chip is not encrypted, but to access it you have to start up an encrypted conversation between the reader and the RFID chip in the passport.

    The reader - I bought one for £250 - has to say hello to the chip and tell it that it is authorised to make contact. The key to that is in the date of birth, etc. Once they communicate, the conversation is encrypted, but I wrote some software in about 48 hours that made sense of it.

    The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat."

    "If you can read the chip, then you can clone it," he says. "You could use this to clone a passport that would exploit the system to illegally enter another country."

    The Home Office insists that UK passports are secure and among the best in the world, but not everyone agrees. Last week, an EU-funded body entitled the Future of Identity in the Information Society (Fidis) issued a declaration on machine-readable travel documents such as RFID-chipped passports and ID cards. It said the technology was "poorly conceived" and added: "European governments have effectively forced citizens to adopt new ... documents which dramatically decrease their security and privacy and increase risk of identity theft."

    In full and worth a read

  2. Mmmm, couldn't see that one coming!
  3. I find this utterly incredible:


    The Home Office said the investigation exposed no significant weaknesses. "This doesn't matter. What use would my biometric image be to you?" He added that ID cards would contain enhanced encryption technology.

    Gus Hosein, an expert in information systems at the London School of Economics, said: "This is stupid technology. If chips can be cloned they will be used in counterfeit passports."

    Ross Anderson, professor of security engineering at the Cambridge University computer laboratory, said: "To say this doesn't matter displays a cavalier lack of concern."

    or are the Home Office owning up that they really do not give a stuff, leading to the conclusion that they only did this to prevent getting aggro from voting proles having to apply for a US visas to go the Disneyland?

  4. How did this muppett get a job at the Home Office? Is he another illegal immigrant or a window licker hired to meet equal opportunity targets?

    So you crack the biometric data. You then change it to match your own and then 'Hey Presto!' Mr. Abdullah bin Abdullah can enter the US as Mr John Smith with matching finger prints, photo, iris scan etc. The only way it would be detected would be if the US customs, when they scan the passport would have access to the central UK database for a real-time comparison. But they don't and they won't.

    What a chod!
  5. It is amazing the amount of assistance the Home Office gives AQ and International Crime, its almost as if they were being paid to lube up the UK Publics back doors