E-passports cracked, hacked and ‘jacked’ – so what! Next it will be e-travel cards, contactless credit cards, ‘secure’ door entry passes and then smartphones. My advice…

MAKE YOURSELF INVISIBLE – what they can’t see, they can’t steal!!!

You can try a low-cost DIY RFID shielding option, or pay a few quid for a pack of eBay anti-skim (RFID blocking) sleeves. (Further info at: http://www.trackandshield.wordpress.com)

As I see it, in a not too distant future there’ll be a simple choice to make – either opt out of using ‘contactless’ kit completely, or protect your personal data as best you can. But, is there really any excuse for not knowing how to do this anymore?

@Scott McDonnell: No, I don’t work in the field and don’t have any stakes in it, I just have a strong natural aversion against wrongful statements. In fact, I wholeheartedly agree with the first part of Peter de Vroomen’s post and would like to have the whole e-Passport nonsense stopped rather sooner than later.

However, I have looked at the specifications, implemented a reader software as a hobby project and also cloned a passport myself (for demonstration, and yes, even though I was not prepared, it took about 1 hour to whip up the software for this, given my own reader tool). Therefore I do know what I’m talking about: The electronic passport stuff is mostly useless and has lots of problems. Cloning is not one of them.

Let me explain those three points in order:
++ “electronic passports are useless”: This comes by way of our own (I’m German) former minister of the interior, Otto Schily. Apparently he kind of confused his position with that of the minister of economic affairs and more or less singlehandedly got the European Union to demand electronic passports from all member countries (through the council of ministers, without any involvement of any democratically elected body). His cunning plan was to make sure that German firms producing the electronic passport had some head start so that the passport technology then would become an export hit.

Though, of course, the electronic passport thing is also related to what Bruce Schneier calls one of his “favorite logical fallacies”: “We must do something. This is something. Therefore, we must do it.”

That’s the “why” we have this train wreck of a technology imposed on us. Here’s the “how” it is useless: Schily often advertised his electronic passport plan with terrorism prevention, with which it obviously has nothing to do (case in point: all of the attackers of 9/11 had proper passports, even though Schily would have liked you to believe otherwise, but that is a story for a different post). Also there is no “terrorist” flag on the passport that would distinguish the passports of terrorists from the passports of ordinary citizens (RFC 3514, anyone?). Also the passport is still fully valid even when the chip is broken, thereby negating any imaginary security benefit. And of course: Our German passports were already the most secure passports in the world. (A parliamentary inquiry in 2007 revealed that there were exactly 6 cases of forged passports between 2001 and 2006, none involving any terrorists.)

++ “electronic passports are full of problems”: Not enough that states now get away with treating all their citizens like potential criminals (fingerprinting), and prepare them for any and all potential repressive measures there might come in the future. The potential privacy risks are endless, as are the opportunities for major implementation errors. For example: Basic Access Control (which normally prevents anybody who has not seen your machine readable zone from electronically reading your passport over the air) is nice but could have been better (for the new German ID card they have developed a new protocol, PACE, which looks much better in this regard; sadly, the German eID will still support BAC as an alternative), and prone to entropy problems, see U.K. and the Netherlands. Also it doesn’t protect enough against brute-forcing sniffed transactions with a valid reader (approx. 56 bits of entropy won’t be enough for the next 10 years).

Then there are some states who don’t use random UIDs on their passports, thereby making these easy to track *without*any*authentication*whatsoever* and bringing privacy problems to the next level. Active ‘OS fingerprinting’ sadly works always, so even if your state is not homi/suicidal you might still be targeted trough your passport’s country identification.

And even if everything works as designed and planned, it is still undesirable. Anybody who reads your passport gets a full set of interesting information, including a biometrics ready photo (and when the reader has a valid certificate: fingerprints), officially signed by the issuing state. Once this information is read, the reader is free to do whatever it desires. Rogue states (like the U.S.A.) tend to store this information forever and share it with whomever they want to. It doesn’t require a long stretch of imagination to see instances where immigration officials might want to sell this information to identity thieves. And of course: the electronic passport is only a symptom of a much larger privacy/civil rights crisis. E.g. the United States would collect and store all this information anyway (so my advice is: avoid flying to or through the U.S. or Japan at all costs), but this makes it slightly easier to justify.

++ “cloning is not really a problem”: That you can clone passports where the anti-cloning feature is not used has been known forever, was not concealed (except from some politicians who don’t read the issues that they vote on) and is not really a problem. You can’t store the cloned data on the chip that is already included in a passport, so whatever you do, it is equivalent to modifying a passport without upsetting any of the conventional anti-forgery features. This is not different than trying to change the name or picture on a conventional passport. (Granted: There is a certain effect where the immigration officer is less likely to closely inspect the physical passport if his computer tells him that everything is ok. This belongs in the “useless” and “full of problems” categories.)

So my roundabout advice when getting a new passport:
A) don’t use a biometrically useful photograph. Instead try to modify it so that it will become useless for biometric purposes, e.g. by varying the distance between the eyes, moving the mouth a bit, etc. (the IWarp tool in GIMP is great for that!). If you do that careful enough it shouldn’t be visible to a human inspector. (For a funny story about this see http://www.phenoelit.net/lablog/inputValidation.sl ) This is solely a cautionary measure as you will see in point C).
B) Try something to not get your fingerprints recorded. Research into what works best here is still outstanding, but feigning an accident where you got superglue onto all of your fingers seems like a good start.
C) Destroy the chip in your passport to prevent anybody from getting the digitally signed information (and also eliminate all tracking problems). Microwaving is not such a good idea because it does tend to leave very visible marks if you do it wrong: http://www.buzzsurf.com/toastedrfid/images/paypass_microwave4.jpg Physical stress (e.g. take it with you in your back pocket and sit on it whenever you can, a few carefully aimed hits with a hammer might also work) is less likely to arouse suspicion, but also less reliable, so you’d need an RFID reader to confirm whether it worked. The by far best option is to build and use an RFID zapper, which also is in line with the theme of this blog.

if the ‘template’ is all the government needs to match up with an image, then what does the actual data matter? If a big shiny red dot were all the information that a government used to identify you, wouldn’t someone else wearing a big red shiny dot be a threat to you?

See, that’s the whole PR spin about this: it contains ‘x’ data, therefore, what’s the problem? The problem is that your identity is being reduced to a barcode and technology is being relied on to authenticate your identity with that barcode. person y gets that barcode, person y becomes you.

they swipe their fake passport on a low security scanner at walmart, murder everyone in the store, and guess who they say was there?

i don’t suspect people like you are naive. i suspect that you have a vested interest in people accepting this technology as safe. i don’t mean to sound like a jerk, but i couldn’t care less if you loose your job when it involves misleading people.

I am sure that he is and I am sure that he does.

That was my point, wasn’t it?

And yes, it is.

Clearly #2 is familiar with the specs and therefore probably works in the field. Is his expertise a reason to distrust him?

@peter de vroomen,

What is the private data on these that is so damaging? It doesn’t contain an image of your fingerprints, it contains a template, which is (generally) a set of vectors calculated from your fingerprints. There has been some research into reversing a template into fingerprints. With some formats it is possible to get an image that can match to the template but does not resemble a natural fingerprint in any way. So someone can’t use the template to make a copy of your fingerprint and place it at a crimescene. Besides, you leave your fingerprints all over everyday. It isn’t tough for someone that wants a copy of them to pick up some trash you’ve just discarded. Much easier than hacking your passport.

The real issue is not the passport cloning or fake passports, but the fact that actual validity of the data is not really checked by customs, as the article rightly points out. Everyone who works in the e-passport industry has seen people (or done so themselves) go through customs with specimen passports issued by the “Republic of Utopia”, it’s a running joke in the industry…

Why don’t you stop googling your worthless product, get off the computer, and actually spend that time making your chips secure, instead of berating the press and hackers for blowing the whistle on your insecure junk technology?

How much is it going to cost you in damage control compared to what it would have cost you to do some real R & D into making these secure in the first place? Of course, the government will subsidize your damage control, so what do you care?

But, you’re right, it really isn’t news, because we told you it was going to happen.

My point is that my normal paper passport hardly contains any information that I consider as being private. The new passports WILL contain privacy sensitive information.

So IF the new passports will contain information that I consider private, I feel that it is my right to demand that this information cannot be retrieved by parties that I don’t want to give this information to (other than physically stealing my one and only passport and using it directly).

The thing is that this data remains valid for the rest of my life (it’s biometric data). So decrypting the data might take months, even years. But once it HAS been decrypted, I cannot change any of my body’s parameters to make that data worthless.

That means that a privacy breach in these biometric passports could potentially haunt me for the rest of my life.

http://www.wired.com/science/discoveries/multimedia/2006/08/71521?slide=1&slideView=3

Or a marketing guy can sit in the airport and gather list of person