RFID Passports Secretly Copied on a Lovely Sunday Drive
#16
Join Date: Oct 2005
Location: BOS
Programs: Recovering AA flyer, LT PLT 2.6 MM
Posts: 1,543
The U.S. Electronic Passport (e-passport) is the same as a regular passport with the addition of a small contactless integrated circuit (computer chip) embedded in the back cover. The chip securely stores the same data visually displayed on the photo page of the passport, and additionally includes a digital photograph.
You claim many things and provide few references. I'd be happy to admit I'm wrong if simply provided with evidence.
#17
Join Date: Apr 2008
Location: USA
Posts: 1,439
source for info re: RFID data in passports?
I don't doubt this, and I'd like to be able to repeat it with confidence. After a quick Web search, I don't have any confirmation of it. Could you please cite a credible source?
#18
Join Date: Oct 2005
Location: BOS
Programs: Recovering AA flyer, LT PLT 2.6 MM
Posts: 1,543
#19
Join Date: Apr 2008
Location: USA
Posts: 1,439
U.S. Dept of State re: passport RFID chip content
The U.S. Department of State's U.S. Electronic Passport FAQ states:
An Electronic Passport is the same as a traditional passport with the addition of a small integrated circuit (or “chip”) embedded in the back cover. The chip stores:
- The same data visually displayed on the data page of the passport;
- A biometric identifier in the form of a digital image of the passport photograph, which will facilitate the use of face recognition technology at ports-of-entry;
- The unique chip identification number; and
- A digital signature to protect the stored data from alteration.
#20
Join Date: Oct 2005
Location: BOS
Programs: Recovering AA flyer, LT PLT 2.6 MM
Posts: 1,543
The U.S. Department of State's U.S. Electronic Passport FAQ states:
... so, easy enough to identify nationality based on the signing organization.
#21
Join Date: Apr 2008
Location: USA
Posts: 1,439
security researcher clones & manipulates UK passport RFID chips
see also: "‘Fakeproof’ e-passport is cloned in minutes", Steve Boggan, The Times (UK), August 6, 2008.
Boggan writes:
He continues:
Boggan writes:
The Home Office has always argued that faked chips would be spotted at border checkpoints because they would not match key codes when checked against an international database. But only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it. Britain is a member but will not use the directory before next year. Even then, the system will be fully secure only if every e-passport country has joined.
The tests for The Times were conducted by Jeroen van Beek, a security researcher at the University of Amsterdam. Building on research from the UK, Germany and New Zealand, Mr van Beek has developed a method of reading, cloning and altering microchips so that they are accepted as genuine by Golden Reader, the standard software used by the International Civil Aviation Organisation to test them. It is also the software recommended for use at airports.
Using his own software, a publicly available programming code, a £40 card reader and two £10 RFID chips, Mr van Beek took less than an hour to clone and manipulate two passport chips to a level at which they were ready to be planted inside fake or stolen paper passports.
A baby boy’s passport chip was altered to contain an image of Osama bin Laden, and the passport of a 36-year-old woman was changed to feature a picture of Hiba Darghmeh, a Palestinian suicide bomber who killed three people in 2003. The unlikely identities were chosen so that there could be no suggestion that either Mr van Beek or The Times was faking viable travel documents.
#24
FlyerTalk Evangelist
Join Date: Jan 2005
Location: BWI
Programs: AA Gold, HH Diamond, National Emerald Executive, TSA Disparager Gold
Posts: 15,180
There are incompetent contractors out there ... I'd never work for them. They often can get the contracts because they bid so cheaply. As is the saying, you get what you pay for.
However, I can only build what they ask me to build. And if it's garbage, unfortunately, my employer is bound to provide them what they contracted us to do. I've brought up stupidity in the requirements before, and I know the engineers that meet with the customers do too. They pretty much shrug their shoulders and say "this is what we're asking you to build ... build it."
#25
FlyerTalk Evangelist
Join Date: Jan 2005
Location: BWI
Programs: AA Gold, HH Diamond, National Emerald Executive, TSA Disparager Gold
Posts: 15,180
If it has the propaganda pages in it, it has an RFID. If it looks like the old one, very unlikely that it has the chip.
I ordered mine back in 2006 before they were issued so I wouldn't have to worry about this garbage until 2016.
#27
FlyerTalk Evangelist
Join Date: Mar 2002
Location: An NPR mind living in a Fox News world
Posts: 14,165
Great post, Superguy...
It would be interesting to read the original RFP which must have been out on FedBizOpps. You could read requirements documents and specs. My guess is that the requirement to store and transmit data was more stringent than security. The RFP, sections L & M, would describe the weighted criteria the government used to evaluate proposals. It would also be interesting to find out which agency did the acquisition - State or DHS.
#28
Join Date: Oct 2005
Location: BOS
Programs: Recovering AA flyer, LT PLT 2.6 MM
Posts: 1,543
As Yogi Berra said, "In theory, practice is just like theory. In practice, it ain't."
#29
Join Date: Apr 2008
Location: USA
Posts: 1,439
link to coverage by The Identity Project
see also: "Drive-by reader for RFID drivers licenses and passport cards", The Identity Project blog, February 3, 2009
#30
Join Date: Oct 2005
Location: BOS
Programs: Recovering AA flyer, LT PLT 2.6 MM
Posts: 1,543
see also: "Drive-by reader for RFID drivers licenses and passport cards", The Identity Project blog, February 3, 2009