Friday, November 17, 2006

British RFID passports cracked

The Guardian is reporting that Steve Boggan and a friend/computer expert have managed to crack into the supposedly securely encrypted British RFID passports:
Cracked it! Special reports Guardian Unlimited:

...By last month, Booth, Laurie and I each had access to a new biometric chipped passport and were ready to begin testing them. Laurie's first port of call was the ICAO's website, where the organisation had published specifications for the new travel documents. This is where he learned that the key to opening up the secure chip was contained in the passports themselves - passport number, date of birth and expiry date.

"I was amazed that they made it so easy," Laurie says. "The information contained in the chip is not encrypted, but to access it you have to start up an encrypted conversation between the reader and the RFID chip in the passport.

"The reader - I bought one for £250 - has to say hello to the chip and tell it that it is authorised to make contact. The key to that is in the date of birth, etc. Once they communicate, the conversation is encrypted, but I wrote some software in about 48 hours that made sense of it.

"The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat."

Within minutes of applying the three passports to the reader, the information from all of them has been copied and the holders' images appear on the screen of Laurie's laptop. The passports belong to Booth, and to Laurie's son, Max, and my partner, who have all given their permission....

1 comment:

Anonymous said...

The data on a passport would be stored on an RFID chip in the passport's back folder, but the data would be locked and unavailable to any reader that doesn't know a secret key or password to unlock the data. To obtain the key, a passport officer would need to physically scan the machine-readable text that's printed on the passport page beneath the photo (this usually includes date of birth, passport number and expiration date). The reader would then hash the data to create a unique key that could be used to authenticate the reader and unlock the data on the RFID chip.