Add the Travelog to the following resources:
del.icio.us
Digg
Slashdot
Technorati
Furl
We have tagged maps of Guadeloupe and Martinique. Clicking one of these links opens a new window so you can explore the map as well as continue reading our wiki.
RFID passports have been cloned
Lukas Grunwald has cloned his own German passport which used the same RFID technology as the American passports will. According to a Wired article, Grunwald read the specifications for RFID chips, bought a chip reader and a program to interpret the data, read his passport, and cloned it to a smart card. As pointed out in "How to clone the copy-friendly biometric passport" on The Register, nothing Herr Grunwald did is illegal or could be considered as having "cracked" the RFID chip. All the information he used is openly available, the hardware was legally purchased and is legal to own, as is the software. Given that, readers can be built from parts that are also readily available, so trying to prevent people from buying readers accomplishes nothing.
Now the question is, what can you do with the cloned data? Wired points out that the readers are programmed to read the nearest one. So someone on a watchlist can put the smartcard in his passport between the reader and the legitimate RFID chip. The computer would show the data on the smartcard, presumably from someone not flagged on the watchlist. For this to work, obviously the officer staffing the reader would have to see a valid passport and not pay attention that the computer display shows a different person's name, seeing instead only the lack of the flag alert.
I want to thank Wired for taking the time to point out that the personal data is not changed by Herr Grunwald's cloning and that at this time it cannot be - the data are encrypted, and changing anything (like making the name match that of the passport holder) breaks the hash key. I presume this does more than just show a flag.
Wired has written an interesting article that mentions the difficulties of reading the passport from a distance (electronicly picking your pocket, so to speak), but it also mentions cloning smart keys to hotels, your office building, and the like.
For information on how to get a passport without an RFID chip, see the article at
"Last chance for a chipless passport?". The blog at 27BStroke6 (2 notes: you should know where the name comes from; google if you don't - and it's by Wired, hence all the links to Wired articles).
Page Information
|
Wiki Information
|
Recent PBwiki Blog Posts |
Create your own free wiki!
Add to Del.ici.ous
Add to Digg
Add to Reddit
Add to fUrl