German hackers clone RFID e-passports

How is RFID supposed to make passports more secure anyway? Doesn't it just save the immigration guys a few seconds since they don't have to type your information into the comupter?

People just don't understand that anything digital or computerized can be (and probably will be) hacked. No such thing as 'hacker-proof' when it comes to stuff like this. Hence why it's a dumb idea to have government-issued digital IDs.

Note to the governments of the world: If you don't understand the technology, don't effing use it! They all jumped on this like it was the thing to do, when it wasn't. Just silly.

Ah yes. I'd imagine that cracking DRM is a bit easier as well. What a wonderful waste of money.
PRESENT THE UNHACKABLE, watch it go down faster than a tweaker.

Proprietary is insecure!

Oh wait, open standards are insecure!

"it's also been revealed that hackers can get you info just by opening the passport and reading a few pages. The governments involved must be red faced!".

You have to get pretty close to a laptop do read RFID, you need something with a decent CPU to do the cracking as well as radio receivers and transmitters. It's not exactly a subtle thing to do in an airport

I don't think that many people really know the reasoning for having the rfid passports. Currently anyone can create a fake passport with a fake name and fake picture. With the new passports everything has to match up with the information that the goverments have on file. The name, picture and all other information will be cross checked with government computer servers when the rfid tags are scanned, in order to get away with a fake passport, somoene has to hack into the governments computer systems and change the information there so that when the passport is scanned, the recods match up properly. If you just make a fake one with random infomration and it gets scanned there will be no record of the passport and you will probably be help for questioning (something that people with fake passports are typically trying to avoid).

This is not news at all, the same thing happen 2 weeks ago, check it @ VeriChip is "VeriEasy" to Clone, Hackers Say - at http://blog.americasnewstoday.com/2006/07/25/verichip-is-verieasy-to-clone-hackers-say.aspx

Nick is right. RFID tags on, say, passports, are simply an added security measure. Immigration officers will now be able to confirm the person's ID with the picture, information on the passport, and now digital information with RFID. Sure someone can walk into an airport with a hacked RFID passport, but does the name and photo attributed to the RFID in the digital database match the true copy name and photo on the passport? What about street address? It's an added security measure, not a replacement.

"People just don't understand that anything digital or computerized can be (and probably will be) hacked. No such thing as 'hacker-proof' when it comes to stuff like this. Hence why it's a dumb idea to have government-issued digital IDs."

It's a dumb idea to have government-issued ID's period.

"I don't think that many people really know the reasoning for having the rfid passports. Currently anyone can create a fake passport with a fake name and fake picture. With the new passports everything has to match up with the information that the goverments have on file. The name, picture and all other information will be cross checked with government computer servers when the rfid tags are scanned, in order to get away with a fake passport, somoene has to hack into the governments computer systems and change the information there so that when the passport is scanned, the recods match up properly. If you just make a fake one with random infomration and it gets scanned there will be no record of the passport and you will probably be help for questioning (something that people with fake passports are typically trying to avoid)."

Hence the reason you steal the information from another passport. You take the info, make it match what's on the passport.

There is no way to keep someone from doing something, there will always be someone smart enough to get around anything you put in place to prevent it.

i think this is a superb idea, and i have been waiting to get my passportuntil this comes out actually. The sooner the better

All the best intentions aside, human nature is to take the path of least resistance - a tendancy toward laziness. How many immigration agents will take at face value the info presented by a potentially fake RFID enabled passport and not bother to verify? It's not exactly the most enthralling job.

SLVRMUSTANG, excellent. I'll stick to paper for the next 10 years while you work out those bugs for us. You know, we Americans are so hard to pick out in a crowd - we'll never be targets for identity theft.

Any more volunteers?

RFID gives NO BENEFITS.

Passports can be made machine readable without wireless technology.

You can't cross-check an RFID passport "easier" with a government database than just reading the frigging passport number on it and loading this record from the database. The letters are usually like 5 mm height and feature an easily computer-readable type. Visual scanning is quite easy, too, you know.

At the risk of quoting Will Smith: "Somehow, 'I told you so' just doesn't cut it."

How does Senator Stevens "the internet is made of tubes" feel about this?

"RFID tags on, say, passports, are simply an added security measure. Immigration officers will now be able to confirm the person's ID with the picture, information on the passport, and now digital information with RFID."

Can they not just type the persons Passport ID into the computer to get the same results? I see no point for there to be RFID on a passport, especially with the dangers that are present with having one, such as having someone copy the data as has been show is a possibility.

I just received my renewed passport in the mail only a few weeks ago. How can I tell if its an RFID passport? The article states RFID passports starting this month (August), so I assume I was one of the lucky ones that just missed out on the new ones, but I'd still like to know if there is anything obvious on the passport that gives it away that its RFID enabled.

There are physical design differences between the old-fashioned one (read good) and the new one (read crappy).

If your passport looks like this: http://tinyurl.com/f6rb2 invest in this: http://emvelope.com/products/show/5

If you zap your RFID enabled passport in a microwave and then turn up at a USA border with it, what will happen? RFID's do fail occasionally. Presumably the fall back option is to just read the passport?

What are you smoking all here?

First (or is that last page) of pass there is already machine-readable code. (It's just digits+letters, all places my pass was checked it is read automatically.) In other words, every pass already has a unique code.

Why not to match that against database? And then with info from data base match with name/bd/photo/etc???

No point in have RFID there. Period.

I think you read too much into political factor. IMHO, industry lobbyists have press gov't to give them more work and consequently more (our, taxpayers') money. No technical reasons - business as usual. RFID into every pass, new equipment for every gov't official making/checking papers, new readers for every place where pass might be checked, etc. This is f*cking big money, pals, no shit.

Nick, we'd all like to think that, but it's simply not true: http://en.wikipedia.org/wiki/Biometric_passport

The new RFID passports don't contain just an ID that gets matched with a database. They contain actual biometric information right on the chip. The US chips contain only a picture, but there's space to add other information like fingerprints if desired.

The other thing to remember is that cloning a passport isn't necessarily that far off from modifying one. I mean, if you know how to get past the encryption, you can in theory apply that to generating new passports that look valid.

The real problem is that this doesn't apply to *just* airports. Since RFID is a broadcast tech, you could snoop it anywhere once you learn to spoof the challenges.

The second real problem is that nearly EVERY SINGLE CONCERN about the use of RFID passports VANISHES if it just used some kind of CONTACT-based technology instead of RFID. Using RFID instead is completely stupid when you DECREASE security by using it as opposed to other technologies that exist; other technologies which would be no less convenient to use that RFID. Smart cards, anyone? http://en.wikipedia.org/wiki/Smartcard#Contact_Smart_Card

I have a RFID-enabled passport. On my last return to Sydney airport, one immigration official took me to an automatic gate and showed me how to use the passport. I got through immigration without having one physical check of my passport.

Just FYI.

sm007h. So it has already started: they have skipped the check of the photo and other parameters to verify what e-pass told them was true... :-/

On my last return to Sydney airport, one immigration official took me to an automatic gate and showed me how to use the passport.
http://www.laptopbatteryclub.com/

The Cure
Open the passport, pages up, place in a microwave oven. Roast for 2 minutes or till RFID is crispy....
Problem Solved...

looking for german based hacker

Just wait until the Passport RFID is used as a bomb trigger to target people from specific countries or even specific people. It was a completely moronic idea from the start. 1984 happens because people are morons and don't stop this BS. People who voted for this violated the freedoms of their citizens.