e-passport
Latest
Video: Samsung's e-passport turns your head into a rotating government specimen
Samsung (and your local government) hasn't been shy with its plans for electrifying passports. Yet we still haven't seen video of its e-passport with flexible OLED display in action, 'till now. The 2-inch, 240x320 AMOLED displays a disembodied, rotating head in 260k colors and 10k:1 contrast when activated by an RF source reader. No details were provided as to when these might enter production but we have the icky feeling it'll be sooner than we want.[Via OLED-Info]
More e-passports hacked within minutes, security questions abound
It's downright frightening that we've become numb to this news, but here again we're faced with another report of e-passports being hacked within minutes. The University of Amsterdam's Jeroen van Beek was reportedly able to clone and manipulate a pair of British passports in about the time it takes you to sip down your first cup of joe in the morning, and worse still, they were accepted as genuine by the software "recommended for use at international airports." The tests point out a number of vulnerabilities, including the fact that the microchips could be susceptible to having falsified biometrics inserted for use. As expected, talking heads at the Home Office still insist that any chip manipulation would be immediately recognized by the electronic readers, so we'll leave it up to you to decide who's telling the truth here.
Samsung demonstrates e-passport with flexible OLED display
It's been a tick since we've heard anything noteworthy on the e-passport front (that's probably a good thing, truth be told), but Samsung SDI and German security printer Bundesdruckerei are out to break the silence. The two have teamed up to demonstrate a passport that boasts a "slim and bendable" OLED color display within a "polycarbonate data page." Predictably, the aforementioned display can be used to "provide a raft of information including a video of the document holder." It's also noted that the units will be heat-resistant, enabling officials to laminate the cards and make them less susceptible to manipulation. Information about a potential release date wasn't divulged, but it sure sounds like this stuff is dangerously close to being ready for use.
New US e-passports to speed checkpoint times, freak out privacy types, in April or May
The feds are done debating and are all prepped to introduce RFID e-passports readable up to 20 feet away to US citizens who frequently travel to Canada, Mexico or the Caribbean in either April or May of 2008. The new passports should allow traveler info to be read as they're shuffling up to the border agent, who can verify their info and wave them along with little delay. Privacy advocates are obviously concerned about people capturing data or cloning the passports, but you can always "accidentally" destroy your RFID chip if that's enough of an issue for you -- the rest of us welcome our benevolent Big Brother with bellyfeel![Via Slashdot]
Hackers crash e-passport readers -- stage set for exploits
Lukas Grunwald -- last seen cloning Germany's RFID passports -- is back with more "white hat" hackery on the world's new e-passport systems. This time, however, he's crashing RFID readers to demonstrate how a hacked passport could conceivably force approval of expired or forged passports. After all, "If you're able to crash something you are most likely able to exploit it," says Grunwald. Lukas was able to crash two passport readers made by different vendors by first cloning a passport's chip and then modding the JPEG2000 image file stored within the chip to create a buffer overflow condition -- the same vulnerabilities which make so many devices (the original Xbox, anyone?) so easily exploitable. Lukas contends that all airport readers are likely vulnerable to such an exploit as they would be using off-the-shelf libraries for decoding JPEG images. Lukas will be demonstrating his latest hack this weekend at DefCon in Vegas. Hmmm, with CES moving to RFID badges this year, we have a funny feeling that attendance is going to be way up. [Via BoingBoing]
Cloned e-passports: your government doesn't care
How easy is it to digitally clone an electronic passport? Very. Using an RFID reader purchased on eBay, white-hat hackers from DN-Systems consulting recently demonstrated to the BBC how they can download British e-passport data to their computer and then write it to a new, blank RFID chip to create a perfect digital clone. Sure, the hack requires access to the software used by border police, but apparently, this is already out in the wilds. Astounding, huh? Yeah, but it's not new. This is the same hack we've seen repeatedly demonstrated in Germany, the US, The Netherlands, Ireland, etc. What's notable here is the lack of incredulity imparted by the spokesman for the UK Home Office who said, "It is hard to see why anyone would want to access the information on the chip." Identify theft, maybe? True, British e-passports unlike those issued by other countries, do not (currently) store fingerprint scans in the chip and the encryption is just one aspect of the passport's overall security. However, with these mechanisms also circumvented, shouldn't our government officials be just a tad concerned?
Scaremongers dub RFID passports as potential bomb trigger
Sure, we have just as many concerns over RFID-related security technology as anybody, but a new report by mobile security experts Flexilis seems to take things a bit too far. In their report on the lacking shielding of the new e-passports, allowing the passport to be read by a high-powered reader if the book is slightly open, they go on to illustrate the "dangers" of such a security lapse by calling it a potential bomb trigger. Their demonstration involves a passport-toting dummy brushing by a trash can, which explodes once the dummy gets too close. The Flexilis guys even conjecture that a country ID code could eventually be identified in passports, allowing for targeted bombing of citizens from specific countries. The problem with all this, is that any radio-transmitting device could potentially trigger a bomb (phone, Bluetooth device, etc.), nobody has hacked an RFID country code yet, and the situations that would call for this sort of bomb are even more far-fetched than the concept. There's nothing much special about RFID in this regard, other than some security "experts" trying to cash in on the hysteria. Check the video after the break, and judge for yourself whether or not RFID is going to be the hip-cool new detonation system of the decade. We're thinking no.[Via textually.org]
US to launch RFID passports on Monday
Despite the various privacy concerns that have been repeatedly raised in regards to e-passports, the US is going ahead with their plans to launch the system this Monday. Not all newly-issued passports will be RFID-enabled, since mass production has been held up by the ongoing legal dispute over the technology. The first passports to be issued will be those produced during the pilot run of the project, but the full roll-out should be completed in about a year. Including the extra $12 security surcharge slapped onto passports last year, the new and "improved" models will cost $97, the same as they do currently. If you're overly concerned about the security implications or potential apocalypse causation, you might want to nab a passport now, since traditional passports will be valid until their listed expiration date. We'll manage like usual: hills, tin-foil, condensed milk, etc.
German hackers clone RFID e-passports
Oh snap. First the Dutch get their RFID e-passport system cracked, then VeriChip gets its "counterfeit proof" RFID implant copied by a pair of hackers in front of a live audience, and now some hackers in Germany have undermined some of the security behind the electronic passports that the United States and other countries are planning to implement this month. Lukas Grunwald did the honors this time, and says it took him about two weeks to figure out the hack, with most of his time spent reading the publicly available e-passport standards on the International Civil Aviation Organization's official website. Since all countries will be adhering to the ICAO's standard, his hack should work on other passports as well. Grunwald demonstrated for Wired the whole process of cloning a passport, and even proceeded to copy the data to a corporate smartcard, which when slipped between the normal RFID chip and the reader allows him to have a physical passport that differs from his RFID passport. All is not lost however, since most countries plan to have physical inspections to make sure everything matches up, and information cannot currently be modified on the passport -- but the security failures so far sure don't inspire a lot of confidence.
