Wednesday, March 7, 2007

Crack! Security expert hacks RFID in UK passport

Successful effort pulled data off document in mailing envelope
Jeremy Kirk

March 06, 2007 (IDG News Service) -- A security expert has cracked one of the U.K.'s new biometric passports, which the British government hopes will cut down on cross-border crime and illegal immigration.

If true this illustrates the dangers of naively putting RFID chips into not only passports but credit and debit cards as well. This could well be a huge economic boomerang that could hurt the very core of trust in government and in our economy. All an identity thief needs to do is scan the passport for the person's photograph and fingerprints and other biometric data on the rfid chips.

The problem is isn't if the the data will be stollen but when it will be. This data is too valuable when it is stored enmasse on a large centralized database. There are criminals who would love to "A" prove that the hack can be done and "B" make a tone of cash off of the reselling of your personal information. Also there are Criminals who will just sit reading news papers at the airport waiting for you to walk by with your passport and its rfid chip inside, while they sit there reading the rfid reader in their pocket is skiming your vital information right out of your passport.

Further since your at an airport, you obviously not on the no fly list, that makes you a prime candidate for an identity theft, by any of a hundred types of criminals from organized crime, terrorists, or just regular criminals swiping identitys for resale on the black market. You as a travel capable passenger are who they'll be looking for. This is the real problem of putting our information in such a convienient location, it makes it convienient for both the goverment and criminals to scrape all the data you have stored on the passport.

We really need to rethink this idea!

powered by performancing firefox

No comments: