It seems the UK version of the high tech passport has failed the first hurdle — a writer at the Guardian and a tech expert managed to crack the passport security with relative ease. It seems those who hatched the security scheme made the rather naive mistake of going to great lengths to secure the communications between the RFID reader and the passport, but used information that is available on the printed passport as the ‘key’ to unlocking that communication. Just dumb.
Fatally, however, the ICAO suggested that the key needed to access the data on the chips should be comprised of, in the following order, the passport number, the holder’s date of birth and the passport expiry date, all of which are contained on the printed page of the passport on a “machine readable zone.” When an immigration official swipes the passport through a reader, this feeds in the key, which allows a microchip reader to communicate with the RFID chip. The data this contains, including the holder’s picture, is then displayed on the official’s screen. The assumption at this stage is that this document is as authentic as it is super-secure. And, as we shall see later, this could be highly significant.
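To show why a key built only from printed fields is weak, here is an added example (not code from the article or from ICAO) that assembles the key material in the order quoted above and estimates how many bits of secrecy it can hold. The check digits and the SHA-1 truncation follow the Basic Access Control scheme in ICAO Doc 9303; the document number, dates and candidate counts are constructed sample values and assumptions.

```python
import hashlib
import math

DIGITS = "0123456789"

def mrz_check_digit(field: str) -> str:
    """ICAO 9303 check digit: weights 7,3,1 repeating; 0-9 as-is, A-Z = 10-35, '<' = 0."""
    total = 0
    for i, ch in enumerate(field):
        if ch in DIGITS:
            value = int(ch)
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":
            value = 0
        else:
            raise ValueError(f"invalid MRZ character: {ch!r}")
        total += value * (7, 3, 1)[i % 3]
    return str(total % 10)

def key_material(doc_number: str, birth: str, expiry: str) -> str:
    """Passport number, date of birth, expiry date (YYMMDD), each with its check digit."""
    doc_number = doc_number.ljust(9, "<")  # short numbers are padded with the MRZ filler
    for date in (birth, expiry):
        if len(date) != 6 or any(c not in DIGITS for c in date):
            raise ValueError("dates must be six digits, YYMMDD")
    return "".join(f + mrz_check_digit(f) for f in (doc_number, birth, expiry))

def access_key_seed(doc_number: str, birth: str, expiry: str) -> bytes:
    """16-byte seed: everything in it comes from the printed page, nothing secret is mixed in."""
    return hashlib.sha1(key_material(doc_number, birth, expiry).encode("ascii")).digest()[:16]

def key_entropy_bits(doc_numbers: int, birth_dates: int, expiry_dates: int) -> float:
    """Upper bound on key entropy given how many candidates exist for each field."""
    return math.log2(doc_numbers) + math.log2(birth_dates) + math.log2(expiry_dates)

if __name__ == "__main__":
    # Constructed sample values, not a real document.
    print(key_material("L898902C", "690806", "940623"))
    # Assumed candidate counts: 9-digit number, 100 years of birth dates, 10-year validity.
    print(round(key_entropy_bits(10**9, 36525, 3652), 1), "bits at most")
    # Same estimate when the holder's date of birth is already known.
    print(round(key_entropy_bits(10**9, 1, 3652), 1), "bits at most")
```

The seed is 128 bits long, but under these assumptions it carries well under 60 bits of uncertainty, and less for anyone who already knows any of the printed fields.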