Biometric passport cracked

By    John Garner on  Monday, August 7, 2006
Summary: An article in the Guardian getting their source from Wired.com recounts how Lukas Grunwald, a German security consultant has been able to copy the data from biometric passports using 200 dollar equipment. Although the cloned data cannot apparently be modified, the so called unbreakable RFID tag technology seems less secure than expected. The technology behind […]

An article in the Guardian getting their source from Wired.com recounts how Lukas Grunwald, a German security consultant has been able to copy the data from biometric passports using 200 dollar equipment. Although the cloned data cannot apparently be modified, the so called unbreakable RFID tag technology seems less secure than expected.
The technology behind the "UK's £415m scheme to load passports with information such as fingerprints, facial scans and iris patterns" doesn't really seem too reassuring.
Gus Hosein from the London School of Economics and Privacy International, a U.K.-based group that opposes the use of RFID chips in passports:

"Is this what the best and the brightest of the world could come up with? Or is this what happens when you do policy laundering and you get a bunch of bureaucrats making decisions about technologies they don't understand?"

The wired.com article goes into detail about how the data can be copied, but it is currently unlikely that the data could be tampered with. Grunwald demonstrated that since the machines used to read the biometric passports read one tag at a time it is possible to place another and trick the system into reading that one. Physical inspection would most likely uncover the trick though.
The article also refers to other security companies that have demonstrated that it is possible to read data regardless of the metal mesh system supposed to protect the chip from being read by anyone around the carrier. This is far more scary since it means a passport carrier in a crowd could be pinpointed or trigger a remote system placed near there by terrorists.

The main issue of the current system used, like those used in corporate and hotel security systems, is the lack of encryption of the data which enables brute force dictionary attacks in far too many cases. It seems absurd that goverment officials can sit back and scorn at such proof of flaws in the current system. The attitude of yes but even if they can do that there is still a physical check just seems irresponsable. The whole idea was to create a system that didn't allow illegal cloning of the data stored on it. Now that has been cracked we have one last line of defense left! Wow that leaves me completely reassured...!

Article written by  John Garner

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Check out the most recent posts from the blog: 
Sunday, September 24, 2023
The reliability & accuracy of GenAI

I question the reliability and accuracy of Generative AI (GenAI) in enterprise scenarios, particularly when faced with adversarial questions, highlighting that current Large Language Models (LLMs) may be data-rich but lack in reasoning and causality. I would call for a more balanced approach to AI adoption in cases of assisting users, requiring supervision, and the need for better LLM models that can be trusted, learn, and reason.

Read More
Saturday, September 23, 2023
From Chatbots to Reducing Society's Technical Debt

I discuss my experience with chatbots, contrasting older rules-based systems with newer GenAI (General Artificial Intelligence) chatbots. We cannot dismiss the creative capabilities of GenAI-based chatbots, but these systems lack reliability, especially in customer-facing applications, and improvements in the way AI is structured could lead to a "software renaissance," potentially reducing society's technical debt.

Read More
Friday, June 16, 2023
The imbalance of power in the AI game: in search of the common good

The article discusses the contrasting debate on how AI safety is and should be managed, its impact on technical debt, and its societal implications.
It notes the Center for AI Safety's call for a worldwide focus on the risks of AI, and Meredith Whittaker's criticism that such warnings preserve the status quo, strengthening tech giants' dominance. The piece also highlights AI's potential to decrease societal and technical debt by making software production cheaper, simpler, and resulting in far more innovation. It provides examples of cost-effective open-source models that perform well and emphasizes the rapid pace of AI innovation. Last, the article emphasises the need for adaptive legislation to match the pace of AI innovation, empowering suitable government entities for oversight, defining appropriate scopes for legislation and regulation, addressing ethical issues and biases in AI, and promoting public engagement in AI regulatory decisions.

Read More
Thursday, June 1, 2023
Japan revises copyright laws for AI

Japan has made its ruling on the situation between Content creators and Businesses. Japanese companies that use AI have the freedom to use content for training purposes without the burden of copyright laws. This news about the copyright laws in Japan reported over at Technomancers is seen as Businesses: 1 / Content Creators: 0 The […]

Read More
crossmenuarrow-down