[IP] E-passport at risk of being targetted by terrorists
Begin forwarded message:
From: adam <lists@xxxxxxxxxxx>
Date: October 23, 2006 12:04:21 AM EDT
To: Dave Farber <dave@xxxxxxxxxx>
Subject: E-passport at risk of being targetted by terrorists
Hi Dave,
Two articles about new RFID "ePassports" in Ireland are attached, for
IP if
you like.
Thanks,
Adam Beecher
--------------------------------------------------
E-passport at risk of being targetted by terrorists.
http://www.digitalrights.ie/2006/10/22/e-passport-at-risk-of-being-
targetted
-by-terrorists/
October 22nd, 2006
Digital Rights Ireland director, Antoin O'Lachtnain, in an interview
with
Mark Tighe of the Sunday Times (
http://www.timesonline.co.uk/article/0,,2091-2415780.html ) today,
gave an
insight into the possibilities of Ireland's new electronic passport
being
targetted by criminals.
The lack of security measures, protecting the passport from being
"skimmed",
are a real risk, exposing these passports to the possibility of being
read
and the contents copied by terrorists.
Recent press coverage has exposed (
http://www.theregister.co.uk/2006/08/04/e-passport_hack_attack/ ) the
security risks associated with electronic passports.
'Terror risk' for electronic passport
Mark Tighe
THE new Irish e-passport is lacking a basic security feature
contained
in the American version, leaving Irish passport holders open to
targeting by
terrorists, according to a leading lobby group.
Digital Rights Ireland (DRI) claims the lack of any shielding in
the
passports means "skimmers" will be able to detect the passports from
picking
up their frequencies, and even identify nationality, without the holder
knowing.
The new passports were launched last week by the Department of
Foreign
Affairs, ahead of a US deadline requiring countries on its visa-waiver
programme to start issuing passports with a radio transmitter chip
(RFID)
from Tuesday. The department expects to issue 750,000 by the end of
2007.
While the chip is meant to be read from only a few centimetres,
prototype testing showed they could be detected up to 9m (30ft) away.
This
led the US State Department to introduce a metal mesh in the passport
cover
to "make unauthorised reading of the passport very difficult from any
appreciable distance as long as the passport is closed".
An encryption system prevents skimmers from accessing the
biometric data
on the chip but security firms have demonstrated that a hand-held
scanner is
able to identify the presence of unshielded passports. Researchers are
examining whether it will be possible to identify the passport
nationality.
Antoin O'Lachtnain, a director of DRI, said it was unbelievable
Ireland
did not follow America's lead in providing shielding. "The only
reason we
are implementing the e-passport is because the Americans told us we
had to,"
he said. "I really think e-passport holders should use a shield, such
as a
piece of tinfoil, to prevent the RFID chip being read without their
knowledge."
Some companies are already offering special wallets with shields to
protect passports against skimmers.
O'Lachtnain said skimming technology would advance over the planned
10-year lifespan of the passports. "Terrorists could use a scanner to
identify a group of, say, British or American nationals by the
passport they
are carrying and then kidnap them or kill them in a suicide bombing,"
said
O'Lachtnain.
The Department of Foreign Affairs said shielding was not
necessary as
the passports must be open at very close proximity to the reader. A
source
at the International Civil Aviation Organisation said: "I think it
will not
be long before other countries move to implement similar shielding."
--------------------------------------------------
New Irish Passports have RFID chip
October 20th, 2006
http://www.digitalrights.ie/2006/10/20/new-irish-passports-have-rfid-
chip/
Despite the recent press attention to the launch of 'biometric'
passports,
not many reporters have focused on the fact that these new passports
seem to
include Radio Frequency ID (RFID) chips. From the Department of Foreign
Affairs website ( http://www.dfa.ie/services/passports/ePassports.asp )
"The chip technology allows the information stored in an Electronic
Passport
to be read by special chip readers at a close distance."
The technology the Department of Foreign Affairs chose to protect the
information in the chip from being read remotely (eavesdropped) by
anyone
within 5 metres (15 feet) is called Basic Access Control (BAC).
Basic Access Control is used by other countries, such as the
Netherlands to
protect their RFID Passports from eavesdroppers. However, a Dutch
security
testing lab called Riscure has examined the reliability of BAC and found
that it is quite possible for a determined eavesdropper to break the
control
with a handheld reader, and an ordinary PC from within 5 metres.
( Slides
outlining this attack method:
http://www.riscure.com/2_news/200604%20CardsAsiaSing%20ePassport%
20Privacy.p
df )
The Department of Foreign Affairs has confirmed to DRI that the new RFID
passports are not issued with sequential numbers, which increases the
security of the chip. However the US, which also uses BAC, has gone
further
by placing shielding equipment in the covers of the passports
(essentially a
metal foil layer).
"To further protect against skimming, the U.S. e-passport will include a
shielding material in the passport cover that will make unauthorized
reading
of the passport very difficult from any appreciable distance as long
as the
passport is closed." http://travel.state.gov/passport/eppt/
eppt_2788.html
We will be enquiring as to whether the Department of Foreign Affairs
intends
to do likewise and attempt to keep our members informed. If any or our
members or readers would like to contact us on this topic, or offer
their
help or expertise in addressing it contact Bernard Tyers at the contacts
given here.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/