NXP supplying Germany with second-gen ePassports
Considering just how well the first round of RFID ePassports withstood subversion attempts from hackers, we're amazed that anything needs to be tweaked at all. Sarcasm aside, NXP is all set to make Germany the first country on the planet to utilize second-generation ePassports, as the EU-set deadline to migrate doesn't pass until June of 2009. The new passports will include a SmartMX chip that allows biometric data to be "securely stored on the passport," and the 80kb of onboard storage also holds the individual's photo, name, and date / country of birth. Of note, NXP even goes so far as to gloat about the chip's ability to "guard against attack scenarios," but we'll be interested to see how long it takes the oh-so-motivated hacking community to find a backdoor when these launch later this month.[Via TheRegister]
Filed under: Wireless
Reader Comments (Page 1 of 1)
popac @ Nov 3rd 2007 4:54AM
Interesting :)
Bernhard @ Nov 3rd 2007 5:07AM
Just add a display, a couple of buttons as well as a battery, hack it to run homebrew and you are all set to play Tetris while waiting in line at the Flight Gates/passport control.
ts @ Nov 3rd 2007 6:49AM
You don't seem to get it. Passports, visas and identity cards have been machine-readable for 10-20 years now. It's done with the optical strip at the bottom. Now, if you want more data, the choice is to either look it up on a centralized database, or to store it in the passport itself. The German fingerprints are not stored anywhere whatsoever, except on the passport itself. Or do you prefer the fingerprints to be in a government database? RFID is just the way to transmit this data from the passport to the reader, it's not the core issue, which is to keep your private data in the passport, and not in a database. OK, we can object about RFID as a safe transmission medium, but confusing this with the biometrics is confusing issues I think.
patsy @ Nov 3rd 2007 12:08PM
> OK, we can object about RFID as a safe transmission medium, but confusing
> this with the biometrics is confusing issues I think.
What the hell are you talking about?! Storing actual data instead of merely record identifiers using a technology that has been demonstrated again and again to be hackable is extremely worrying. If they do indeed store actual finger print data on the chip, someone could potentially steal the data remotely for surreptitious use. Whereas in the past they would have had to physically obtain the passport for optical scanning, now they can snarf up the data from a safe and anonymous distance. While there are cryptographic ways to reasonably secure this data so it's not necessarily immediately (or perhaps ever?!) usable to the thief, government track records of doing the right thing or using the right tech in this respect are not very confidence inspiring. Considering I'm due for renewal of my German passport within the next six months, this does indeed bother me.
indeego @ Nov 3rd 2007 7:43AM
"Now, if you want more data[...]"
I personally dont want more data. Thats my problem with the ePass.
Richard @ Nov 3rd 2007 7:47AM
EUROPEAN UNIOOOOOOON!!!!!!
EU EU EU EU EU EU EU EU EU
Andrew @ Nov 4th 2007 7:58AM
Oh, yeah, let's bash the European Union for following the requirements of the US government! If Europeans wanted to have visa-free access to the US we had to issue our citizens with this kind of passport. You look kind of foolish now, don't you?
Richard @ Nov 4th 2007 12:34PM
? Dueeed what are you talking about?!? I'm from europe, And i love the eu. We have visa free acces to the US by the way. I was in boston 2 weeks ago...
kadajawi @ Nov 3rd 2007 10:01AM
Isn't it cool? Now Bin Laden can go, look around for someone who looks close to one of his suicide bombers in the train, sits besides him, and copies the passport. Then at home he clones it, since he has all the infos neccessary on the passport he can make a somewhat convincing copy of it, make his suicide bomber look like that guy he copied from, make a wearable fingerprint (been demonstrated already, pretty easy to do) since he has the data from the passport, and voila. You couldn't do such a good copy with the old passport, which you had to steal anyway and what would then be noticed. Terrorists of the world, rejoice!
(Not that I understand what reason would be there to do that anyway... suicide bombers usually are pretty harmless until they suicide, aren't they?)
moonfighter @ Nov 3rd 2007 10:32AM
it's even worse... from now on they will scan your fingerprints (both pointing fingers afaik) and save them on that rfid-chip...
btw. the chip is so secure, that the city of Luebeck is selling aluminium-bags for the passport, so that it's sure nobody unauthorized reads the chip. (http://www.tagesschau.de/inland/ereisepass8.html sorry, only in german)
last but not least: right now some politicians even begin to think about adding this rfid-chip to the german id-card, because not everybody owns a passport (which is only necessary for journeys outside of the EU), so everybody gets filed...
Richard @ Nov 3rd 2007 7:52AM
I already have an ID card with a rfid-chip in it. It's pretty cool. Why do you guys make such a problem about the government knowing ur fingerprints? are you criminals or something?
facebookfake @ Nov 3rd 2007 4:13PM
@Richard
That is probably the weakest argument for a government invasion of privacy. "Well if you obey the law you have nothing to worry about." And what happens when those laws change? To maybe something more nefarious? People in the "civilized world" always think it's impossible for a dictator to come to power, but more often than not they can, and through legitimate means at that. (Hitler anyone?)
Eric @ Nov 3rd 2007 9:10PM
@Richard
I imagine the german government many years ago would have LOVED to use this technology not only in passports... but I bet they would fit snugly inside yellow cloth stars.
I mean... what is there to be afraid of? Right?
Andrew @ Nov 4th 2007 7:57AM
@Eric
And what government required that Europeans get this kind of passport? The United States of America, that's who! If Europe wanted to continue the visa waiver program it HAD to issue this kind of passport. So who's watching who?
Wwhat @ Nov 4th 2007 9:24AM
That article you linked to points out that the president of the german police actually carries his passport wrapped in tinfoil, amusing detail.
Kaminix @ Nov 5th 2007 1:26AM
@facebookfake
Has it ever, outside of the U.S., been legitimate to kill off your political opponents?
Reid B. @ Nov 3rd 2007 11:59AM
Terrorists rejoice is right! Now they don't need suicide bombers. They can trigger bombs by proximity of passports of your target country, even target a specific person. What a moronic idea. People who voted for this committed treason against their own citizens.
ts @ Nov 4th 2007 1:26AM
The scenario you describe is in general not possible. First you need to access the optical part. Only then do you have enough data to access the content of the RFID part, i.e. read nationality, etc. The content of the optical part acts as a "password".
Sure, if you already had a chance to scan the optical side, and with access to the right technology (secret service, anyone?), you may create something that just waits for the intended target. This is a big concern and weakness I think, also because RFID is known to be potentially accessible from wider distances than those specced, with the appropriate hardware.
Andrew @ Nov 4th 2007 7:57AM
And what government required that Europeans get this kind of passport? The United States of America, that's who! If Europe wanted to continue the visa waiver program it HAD to issue this kind of passport. But is it treason if you can watch over foreign citizens? I don't trust the US with my identity.
Skorpius @ Nov 3rd 2007 12:53PM
Just keep these in a leather-bound Faraday cage.
Reid B. @ Nov 3rd 2007 3:33PM
You can trust yourself to do that but not the guy next to you.
Ellianth @ Nov 3rd 2007 4:24PM
What problem is this technology supposed to solve? Does it make waiting in lines faster or something? I never understood why they wanted them to be electronic in the first place. I bet they're gonna ask to see the passport even if they can get all the data without looking at it anyway.
Someone tell me what the idea behind e-passports is. I've always wondered.
Andrew @ Nov 4th 2007 7:58AM
The US government thinks this will create more security. We have some use for it in Europe I suppose - but we also have passport free travel within Europe! European governments HAD TO get this kind of passport if we wanted to keep the Visa Waiver program with the US.
Tiago F. @ Nov 3rd 2007 11:16PM
First country on the planet??? In Portugal we have been using those for over an year. Check http://www.pep.pt/ingles/index.php
Andrew @ Nov 4th 2007 7:59AM
Several European countries have ePassports already, but this is the *SECOND* generation ePassport.