Woe-innovators


    How much the state structures of 45 countries that started issuing them to citizens shouted about the benefits of electronic passports . Like, it’s almost impossible to crack it, you can read the data only on special devices, to which the hands of troublemakers will never reach how everything began to crumble.

    At first it turned out that the RFID chip signal can be jammed; after, at the Black Hat conference, remote unauthorized data collection was shown, and now the last imagined line - the impossibility of hacking, was broken.

    Tests in the English Timesproved that the vaunted RFID chip in the passports of residents of the United States and the United Kingdom (which now began to receive them in droves) can be hacked and cloned in less than an hour. Two ordinary passports of the average English were “opened”, after which photos of Osam Bin Laden and a suicide bomber were inserted in place of the owners' photos (you can’t refuse a sense of humor). Moreover, the most interesting thing is that the uniqueness of both passports was confirmed by this “special device”.

    Prior to this experiment, it was claimed that hacked chips could be detected, since their key codes would not match those entered in international databases. However, only 10 out of 45 countries participate in the Public Key Directory program., and only 5 out of 10 do the programs really work. But photography is one thing, and the owner’s biometric data is completely different, however, according to researchers, this data can be manipulated without much stress.

    As expected - the problems do not end there, but only begin.

    In the electronic passport there are practically no unique distinctive characters that make faking it a difficult task - this task is entrusted to biometrics. But if the data can be replaced, then it can be written in the same way in any "empty" or someone else's passport. And so those people from the London police who claimed that 3,000 blank passports stolen last week could not be used have probably already prepared a bucket of ash.

    In addition, the Public Key Directory itself is more likely to add new problems than solve existing ones. The fact is that 35 countries that have not signed up for the program do not reveal the passport codes of their residents, which means that it is simply impossible to verify the uniqueness of the Estonian passport in the UK.

    All this, of course, can in no way please the residents of Russia, which is among the countries considering the universal implementation of passports based on the RFID chip. And given the fact that they are also planned to be used as passes, say, at the place of work, this whole idea can turn into extremely unpleasant consequences.

    Perhaps all this looks like paranoid delirium, but as you know - even the most inveterate paranoid can stick a knife in the back.

    Following the Timesreasoning for Dvice .

    PS For all those interested in the topic - I advise you to google on RFID and IOactive requests - a company that has found a huge number of vulnerabilities and shortcomings in technology; there really is something to read.

    Also popular now: