The purpose of the chip is to have a digitally signed copy of the passports data. The chip in the British e-passport (along with German and others that have gotten "hacked") isn't supposed to be a token so cloning it is as much of an attack as copying a public key certificate.
On the other hand, the ICAO machine readable travel document specification has an optional active authentication scheme that makes the chip a token. Some countries have implemented active-auth in their e-passports. (incidentally, I specified the AA requirement in my countrys e-passport project) Now hacking that would be noteworthy as the chips used are specifically designed and common-criteria EAL verified to be tamper proof crypto-chips.
Also, I don't see how they could insert falsified biometrics - the biometrics are digitally signed. Unless the british document manufacturers really royally botched up and leaked their private key. Or the SHA-1 RSA-1024 signature scheme is broken, which would have much graver consequences than forged passports.
This current hack is as much newsworthy as someone photocopying a passport.
The phone has 256MB of RAM and a 1GHz processor, which do the job reasonably well, though the Anna interface will likely leave something to be desired for many smartphone users.
The most commented posts on Engadget over the past 24 hours.
Now that we've thrown 'em off the trail, use the form below to get in touch with the people at Engadget. Please fill in all of the required fields because they're required.
The purpose of the chip is to have a digitally signed copy of the passports data. The chip in the British e-passport (along with German and others that have gotten "hacked") isn't supposed to be a token so cloning it is as much of an attack as copying a public key certificate.
On the other hand, the ICAO machine readable travel document specification has an optional active authentication scheme that makes the chip a token. Some countries have implemented active-auth in their e-passports. (incidentally, I specified the AA requirement in my countrys e-passport project) Now hacking that would be noteworthy as the chips used are specifically designed and common-criteria EAL verified to be tamper proof crypto-chips.
Also, I don't see how they could insert falsified biometrics - the biometrics are digitally signed. Unless the british document manufacturers really royally botched up and leaked their private key. Or the SHA-1 RSA-1024 signature scheme is broken, which would have much graver consequences than forged passports.
This current hack is as much newsworthy as someone photocopying a passport.