[IWE] Unpossible!!!! Hack-proof passports hacked!

D. Scott Katzer iwe@warhead.org.uk
Tue, 30 Sep 2008 19:15:20 -0400


http://voices.washingtonpost.com/securityfix/2008/09/tool_lets_users_change_their_p.html?hpid=topnews

=== begin cut ===
Software Lets Users Manipulate Passport Data

A security researcher has published a software tool that makes it easy 
to copy and modify identification data encoded onto the computer chips 
embedded in passports issued by the United States and dozens of other 
countries.

Jeroen van Beek, a security researcher at the University of Amsterdam, 
discussed his work at the Black Hat security conference in Las Vegas 
last month, but only this week released the tool that allows anyone to 
manipulate data on the passport chips.

The attack is targeted at electronic passports or "e-passports." 
According to the U.S. State Department, the United States stopped 
issuing passports without the chips in August 2007. Close to four dozen 
other countries also issue e-passports, which are designed around an 
open international standard.

[...]

The data encoded on the e-passport chips is signed with cryptographic 
keys held by the issuing country - thus allowing the issuing country to 
tell if a citizen had altered the data on the device. The problem is 
that only 10 of the 45 countries that issue e-passports have agreed to 
share the public keys that are needed to test the integrity of the data 
on one another's passport chips. Worse still, only five countries are 
actively sharing the data.

As a result, someone who has changed the name or swapped in a new photo 
on an e-passport chip can simply sign the information using his own 
personal cryptographic key, and relatively few countries would be able 
to detect the manipulation, said Adam Laurie, a freelance security 
researcher with RFIDiot.org, a site that hosts software and research 
designed to expose holes in RFID technology.

"This is the big problem with the whole thing: It relies on checking the 
digital signatures of the content on the passport, but if nobody's 
checking those signatures, you can't tell if the data is legitimate," 
Laurie said.

Following the 9/11 attacks, the United States told other countries they 
would have to adopt the e-passport system if they wanted their citizens 
to avoid applying for visas every time they wanted to enter the country. 
But Bruce Schneier, a renowned cryptography expert who serves as chief 
security technology officer for the British telecommunications giant BT, 
said the lack of an international system for checking the signatures 
actually makes the entire system less secure because countries are bound 
to place a higher degree of trust in the newfangled passports.

"In this case, the authority for the thing is the thing itself: It's 
like my giving you an ID card and saying it's valid only because I say 
it's valid," Schneier said.

For its part, the State Department says the e-passports will be 
supplemented by other security technologies. For example, the inclusion 
of the digital photograph on the e-passport chip enables biometric 
comparison, through the use of facial recognition technology at 
international borders, the government says.

But in an op-ed published this month in The Washington Post, Schneier 
warned that researchers would likely discover even more security 
weaknesses that could be used to defeat the security of the e-passport 
system.

"The security mechanisms on your passport chip have to last the lifetime 
of your passport," Schneier wrote. "It is as ridiculous to think that 
passport security will remain secure for that long as it would be to 
think that you won't see another security update for Microsoft Windows 
in that time."

=== end cut ===

What a surprise.  Not.

Personal data sources which retain information have their place (e.g. 
personal medical records to be used by personal physicians or on 
admission to a hospital).  But thinking that they're intrinsically safe 
or hacker-proof is silly.

Cheers,
Scott.
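
The gap the quoted article describes, as an added example (not code from the post, the article, or any passport software): a signature that verifies under the key a chip presents proves nothing unless that key matches an issuer key the inspecting country obtained out of band. The record layout, the country code "XX", the names and the toy textbook RSA keys are all assumptions made up for illustration.

```python
import hashlib

# Textbook RSA on fixed Mersenne primes: a constructed toy, not secure, used
# only so the example runs offline. Real chips use full PKI certificates.
def make_key(p, q, e=65537):
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return (key["n"], key["e"])

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def signature_ok(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def make_chip(issuer, data, key):
    # Hypothetical chip record: data, signature, and the signer's public key.
    return {"issuer": issuer, "data": data, "sig": sign(data, key),
            "signer_pub": public(key)}

def naive_inspect(chip):
    # Weak check: trusts whatever key the chip itself presents.
    return signature_ok(chip["data"], chip["sig"], chip["signer_pub"])

def inspect(chip, trust_store):
    # Strong check: the signer must be the issuer key obtained out of band.
    anchor = trust_store.get(chip["issuer"])
    if anchor is None:
        return "no-trust-anchor"      # unverifiable, so not to be trusted
    if chip["signer_pub"] != anchor:
        return "untrusted-signer"
    if not signature_ok(chip["data"], chip["sig"], anchor):
        return "bad-signature"
    return "valid"

# Constructed sample data: country code "XX" and both keys are made up.
ISSUER_KEY = make_key(2**61 - 1, 2**89 - 1)
OTHER_KEY = make_key(2**107 - 1, 2**127 - 1)
TRUST_STORE = {"XX": public(ISSUER_KEY)}
GENUINE = make_chip("XX", b"name=ALICE EXAMPLE", ISSUER_KEY)
RESIGNED = make_chip("XX", b"name=SOMEONE ELSE", OTHER_KEY)
EDITED = dict(GENUINE, data=b"name=SOMEONE ELSE")
```

An inspection point with an empty trust store gets "no-trust-anchor" even for the genuine record, which is the position of a country that has not received the issuer's public key.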