UK security experts have cracked the sooper sekure new UK biometric passports. It took 48 hours. With £174 worth of sniffer hardware, attackers can read all the personal information off of any of the three million new UK passports in circulation — and if combined with demonstrated hacks for reading RFIDs at a distance, this could happen from across the room, or even farther. You can then clone the RFID and stick it in another passport (surprise! your identity is now owned by a terrorist!).
“If you can read the chip, then you can clone it,” he says. “You could use this to clone a passport that would exploit the system to illegally enter another country.” (We did not clone any of our passport chips on the assumption that to do so would be illegal.)
Grunwald adds: “The problems could get worse when they put fingerprint biometrics on to the passports. There are established ways of making forged fingerprints. In the future, the authorities would like to have automated border controls, and such forged fingerprints [stuck on to fingers] would probably fool them.”
But what about facial recognition systems (your biometric passport contains precise measurements of key points on your face and head)? “Yes,” says Grunwald, “but they are not yet in operation at airports and the technology throws up between 20 and 25% false negatives or false positives. It isn’t reliable.”
Link, Link to Bruce Sterling’s blistering commentary
(Thanks, Matt!)