Woe-innovators

How many shouted about the benefits of e-passports, state structures of 45 countries that started issuing them to citizens. They say that it is almost impossible to hack it, data can only be read on special devices that never reach the hands of troublemakers, as everything began to crumble.

At first it turned out that the RFID chip signal can be jammed; after, at the Black Hat conference, a remote unauthorized removal of data was shown, and now the last imaginary frontier - the impossibility of hacking, was broken.

Tests conducted in the English Times proved that the vaunted RFID chip in US and UK residents' passports (which have now begun to receive them in large numbers) can be cracked and cloned in less than an hour. Two ordinary passports of the average English were “opened”, after which photos of Osama Bin Laden and a suicide bomber were inserted in the place of the photos of the owners (in a sense of humor you cannot refuse). And, what is most interesting - the uniqueness of both passports was confirmed by that very “special device”.
')
Prior to this experiment, it was argued that hacked chips could be detected, since their key codes would not be the same as those listed in international databases. However, only 10 countries out of 45 participate in the Public Key Directory program, and only in 5 of these 10 does the program actually work. But photography is one thing, and the owner’s biometric data is completely different, but according to researchers, this data can be manipulated without much stress.

As one would expect, the problems do not end there, but only begin.

In the electronic passport, there are practically no unique distinctive symbols that make its fake an uneasy affair - this task is assigned to biometrics. But if the data can be replaced, then they can also be written in any “empty” or foreign passport. And so those people from the London police who claimed that the 3,000 empty passports that were stolen last week cannot be used for sure, they have already prepared a bucket of ashes.

In addition, the Public Key Directory itself will most likely add new problems, rather than solve existing ones. The fact is that 35 countries that are not enrolled in the program do not disclose the passport codes of their residents, which means that it is simply impossible to verify the uniqueness of the Estonian passport in the UK.

All this, of course, can in no way please the residents of Russia, which is among the countries considering the universal introduction of passports based on an RFID chip. And given the fact that they are planned to be used also as passes, for example, at the place of work, this whole undertaking can turn into extremely unpleasant consequences.

Perhaps all this looks like paranoid delusions, but as you know, even the most inveterate paranoid can stick a knife in the back.

In the footsteps of the Times , reasoning for Dvice .

PS For everyone interested in the topic - I advise you to google on RFID requests and IOactive - a company that has found a huge number of vulnerabilities and shortcomings in technology; there really is something to read.