[LINK] Code highlights e-passport eavesdropping risk
Kim Holburn
kim at holburn.net
Wed Nov 1 21:38:01 AEDT 2006
On 2006/Nov/01, at 9:23 PM, Irene Graham wrote:
> On Wed, 1 Nov 2006 20:35:45 +1100, Kim Holburn wrote:
>> If the passport can be read from say 10 or 20 metres away and the
>> data
>> stored ....
>
> Physics. Apart from that so you've got a key to unlock a particular
> passport chip. How are you going to communicate with the particular
> passport chip, which emits a random UID, from 10 or 20 metres away?
As I understand it the data is available via radio, that is the point
of RFID. The ID in this case is the encrypted data. You only have
to read it. I don't believe you have to unlock the chip to read it,
just unlock the data.
Once you have the data you can decrypt at your leisure. The only
problem is powering the chip so it transmits the data. To do that
you need a low frequency electromagnetic signal or equivalent or you
wait until someone else powers it and read it from a distance. We
can pick up radio signals from stars millions of light years away.
You think we can't do that with a passport?
I am assuming the chip is basically a passive RFID. Have I got that
wrong? Do you have to interact with the chip? You can send it
commands? That is a frightening thought.
--
Kim Holburn
IT Network & Security Consultant
Ph: +61 2 61258620 M: +61 417820641 F: +61 2 6230 6121
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/
datefmt.htm
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
More information about the Link
mailing list