British "Secure" Passports Cracked 305
hard-to-get-a-nickna writes "The Guardian has cracked the so-trumpeted secure British passports after 48 hours of work:
'Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?'"
Why? (Score:2)
He helped issue them in the first place? No, just joking.
But seriously, he didn't, did he?
No surprise there then (Score:2)
Many large companies have invested huge sums of money into trying to prevent their systems being cracked. Take cable/satellite TV providers for example. Looking at the government`s record on IT projects, it was obviously doomed to failure from the start.
The id cards... were... to be based on the same (Score:2)
Re:No surprise there then (Score:5, Funny)
They should have called in the experts, Microsoft!
"Sorry sir you can't travel this evening as you haven't run your RFID chip through Passport.NET Live Update recently. We recommend you do this every second Tuesday of the 6 months proceeding travel or you may lose your right to enter your home upon return."
"Sir, do you have the 25 digit customs key for your new passport? It should have been printed on the back of the envelope it came in."
Passenger: "Excuse me, I'm having some problems with Genuine Passport Activation. I paid £66 [ukpa.gov.uk] for this a month ago but when I tried to board the International Express 737 this morning I was told that wasn't genuine."
Re:No surprise there then (Score:5, Informative)
Okay I know you're joking, but Microsoft have been one of the biggest critics [theregister.co.uk] of the UK government's ID card system as providing the ideal conduit for ID theft [ntouk.com]; so perhaps the Home Office really should have called them in.
Re: (Score:2)
News at 11 (Score:3, Insightful)
Remember, kids: government intervention is good.
Re: (Score:2, Insightful)
Easy to clone (Score:5, Interesting)
"If you were a criminal, you might as well just steal a passport."
Missing the point dude.
If my passport gets stolen, I report it. It gets cloned, I've no idea somebody is impersonating me, screwing up my life (and others).
Please people, support NO2ID [no2id.net] and tell Blair where to shove his flawed ID cards and CCTV cameras.
But no, this is great news (Score:5, Insightful)
We do have some complete fuckwits in charge. Of course, we do have some complete fuckwits voting for them, so it kind of balances out. Someone care to suggest an improvement on democracy?
Re: (Score:3, Funny)
Re: (Score:3, Funny)
If you skip the tests and move straight on to the firing squad you'll at least get rid of all the unlucky people - and let's face it, it's them who knock things over and break them, crash their cars etc...
Re: (Score:3, Funny)
The UK is not a democracy (Score:5, Informative)
We don't have a democracy, in either the pure form (which is an unworkable ideal anyway) or the popular interpretation (which is much more sensible approach in practice).
Blair has an absolute majority of MPs in Parliament, which effectively means he can force through almost anything. That doesn't mean an absolute majority of the electorate support him. Remember, Labour lost the popular vote in England at the last general election, and even with the support of MPs from our neighbour countries to prop them up, they still only received around 1/3 of the overall popular vote.
Blair and co have gone about forcing laws through and creating legacies, but the simple fact is that they have no mandate to bring in the kinds of sweeping change they are championing, unless at the very least they also have support from the other main parties who brought in other people's votes. Clearly in many of these so-called anti-terrorism matters, they do not.
Re: (Score:3, Interesting)
Thankfully not anything, as the fiasco over the 90-day detention showed. What a stiff-necked dickhead he looked like after that. I guess it happens to all PM's eventually. They get quite convinced that anything is theirs for the demanding by virtue of their office. Maybe the Americans have got something in the two-term limit for PotUS.
Re: (Score:3, Informative)
Of course it's not a democracy. In a strict "one man, one vote" definition, a democracy should always act as the majority wish on any specific subject. But in practice, this only works in the presence of a completely informed and rational population, which you can never realistically achieve (regardless of good will) because of the sheer scale of what's involved.
Hence we commonly use the word "democracy" informally, to mean a government that acts according to the overall principles and intents of the popu
Re: (Score:2)
Democracy's not the root problem. It's the scale. Nothing will work well on a scale this large. There are too many competing interests among a population of millions to satisfy anyone fully, much less everyone.
Of course, that's not even close the complete problem. No major wars for two generations, service economies, mass-media conglomeration, and plain stupidity and/or apathy by the public all contribute to the current problems. But democracy (indeed
Re: (Score:2)
Oh, and anyone who wants to run for president should be automatically disqualified.
Re: (Score:3, Interesting)
Re: (Score:2)
I heard John Reid on radio on Wed justifying ID-Cards by saying it would stop identity theft..I nearly crashed the car I was so mad.
ID-cards will get 'cloned'/copied eventually too. Technology on it's own isn't a cure-all.
Re: (Score:2)
If I had known ten years ago that all this was going to happen, I would have signed up for my electricity, gas, water and telephone services all in different names -- and encouraged everyone I knew
Re: (Score:2, Informative)
Also, 10 Downing Street have now made it easy for you to petition against the introduction ID cards [pm.gov.uk].
Re: (Score:2, Interesting)
Register now! Just give us your full name, and address including postcode!
What else would they like? DNA sample, fingerprints?
Re:Easy to clone (Score:5, Informative)
But that's exactly the point of this 'cracked' encryption: you *can't* clone the passport just by reading the RFID in someone's coat pocket.
Well this is so, but if you read the FA then you'll see a more plausible attack involving someone who knows your name and address (the postman in that case). Nevertheless it seems the fundamental problem here is that the key on the chip can be brute-forced. A simple change ought to fix that - either have the chip shut down after three incorrect keys have been tried, or (better) have it implement an exponential back-off for each failed attempt.
Rich.
Re: (Score:2)
Have it only give the correct answer half of the time.
Then of course, you really wouldn't be sure if it's giving the correct answer at all unless you already knew it.
Re:Easy to clone (Score:5, Insightful)
Re: (Score:2)
Back-off is reasonable except then someone just wanders through Heathrow spamming passports with their 10m-range RFID reader and then nobody flies.
That would be funny though :-)
Rich.
Ah, I think there's a knock at the door. Police?
How indeed ... (Score:3, Informative)
I just finished reading the article.
In short, the weakness lies in the fact that although DES3 is used to encrypt the communication between the passport chip and the reader, the key is based upon data that's available on the passport:
Re:How indeed ... (Score:5, Insightful)
The reader at the cutoms employee's desk has to be able to read the passport data. It has to know the key.
Instead of installing a super-secret key in all readers around the world (and having to pray that it does not somehow leak out), the designers opted to use a separate key for each passport and have it printed on the passport itself, so that it can be used by the reader.
This is only intended to protect against the "reading in the metro" scenario. Not to protect against reading your own passsport using an RFID reader.
Also, many scenarios written after such discoveries assume that the readability of the data implies it can be modified to commit fraud. This is not true. The data is signed using public-key encryption, and modifications are easily detected by the reader.
Re:How indeed ... (Score:5, Informative)
To be fair to the system designers it does make the whole system a little more secure in that the data on the chip has to be matched with the paper information. But only a little: if I found someone who looked sufficiently like me AND I could gain access to their passport the system is just a compromised. Arguably moreso as the claimed extra security will lead to an unjustifiable rise in trust.
Considering the following scenario: a crooked hotel clerk (in Europe you usually have to show your passport when checking in) takes your passport "to be photocopied". Using the key information on the passport they clone every passport that comes their way. This way they can build up a stock of passports matching all conceivable faces to be resold. This actually becomes more useful the longer the system is in operation as the ten years of a usual passport's lifespan can make your face change dramatically.
The end result is a system only marginally more secure than before.
Re:How indeed ... (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
Basically, what you suggest could've been done, but not wit
Re: (Score:2)
What seems crazy is not that all of the data used for the key is present in plain text on the passport, but that it is also often used elsewhere (hotels demand passport numbers, etc.) - only the check digits aren't quoted externally. The even crazier thing is that there DOES appear to be room on the second line of machine readable data on UK passports for an extra field (I'm guessing that other countries ma
Governments and computers don't mix (Score:4, Insightful)
In any case, isn't 3DES being phased out because the cost of cracking it has fallen dramatically recently?
Re: (Score:2, Informative)
Re: (Score:2, Informative)
DES has been cracked by brute force in a short time for a limited cost but estimates are that DESede (or 3DES or whatever name you prefer) would still require milennia with current methods. The fault lies at the weakest link - the choice of encryption key.
The problem is that with encryption of static data (i.e. in a situation where you can't use something like Diffie-Hellman to negotiate a random key)
Nothing to see here... (Score:5, Insightful)
What fundamental principle of encryption are they breaking? If anything, a fundamental principle of encryption is that there can't be such a thing as a "secret key" if you're either putting it in the passport or if you're deploying it to everybody that needs to scan passports (remember DVD encryption?).
What's important is to have the data in the passport (along with the picture) digitally signed, in order to avoid tampering. The article claims that these passports are indeed signed and they didn't break the signature. Big surprise, since all they did was get a RFID reader and decrypt 3DES with the key right in front of them.
Don't see how you can... but anyway an exploit would be a problem with the reading software, not with the passports. And it could be more easily patched after deployment.
The article then presents some more valid points... but these have nothing to do with the basic encryption being broken. FUD mostly, surprise, surprise.
Re: (Score:3, Insightful)
Which part are you disputing?
The, "if you can read it you can clone it" part?
Or the, "you could use a cloned passport to exploit the system" part?
I think the first is obviously true.
I think the second only requires a small amount of imagination - clone a passport of someone who looks similar to you and you are good to go,
Re: (Score:3, Insightful)
You wouldn't even need to clone it for that... merely steal it. If agents inevitably start relying on the computer that's where the problem lies. The checking procedure could be designed in order to somehow "force" a visual ID.
There'
Re: (Score:2)
But if the passport is stolen, then it's possible for the rightful owner to report it as stolen, in which case when that similar looking person tries to use the passport to cross a border, the nice officer doesn't need to bother doing a visual check because the computer would signal t
Re: (Score:2)
Re: (Score:3, Insightful)
Yep - just think how often your credit card signature is actually checked against that on the slip. Over here in the UK we've moved to chip 'n PIN, but a couple of recent trips to America really shocked me - my signature was NEVER ch
Re: (Score:3, Interesting)
http://www.zug.com/pranks/credit/ [zug.com]
Re: (Score:2)
And thank god for that--I really don't need to be held up in line because some junior private eye behind the checkout counter thinks he's a hand
Re: (Score:2)
You could mandate a delay in authorizations (like Firefox does with downloads and extensions) during which the agent could check the face... you could have the agent's screen next to the window where the traveler is, so the photo would appear right next to the face... you could have the software take a pi
um, if you can copy the data (Score:2)
Re:Nothing to see here... (Score:5, Interesting)
(*)I don't know whether RFID chips are capable of implementing zero knowledge protocols (they require some computing power), but if they can handle 3DES, then the answer is probably yes.
Re: (Score:2, Informative)
all they have to do is verify the key. They don't have to do any heavy lifting.
Re: (Score:3, Interesting)
The machine readable zone wa
Re: (Score:2)
The entropy is a joke. Expiration date - what's the lifespan of a UK passport (don't have mine to hand, or I'd check)? That's your window for expiration date. Most people will replace passports before they expire, so you can even shorten that window. Not to mention, it's a date, which severely limits the number of valid values. Date of birth? A little harder; if you can see the person, you can get an idea of likely birth years
Re: (Score:2)
Even so, the spec goes on to mention that cracking the key still requires more effort than obtaining the less-sensitive infor
Re: (Score:2)
Re: (Score:2)
Okay, that you for showing you have no understanding of cryptography. The problem with DVD encryption is that is what a weak cipher. It is built on a 40-bit key (mistake one) and a stream cipher (potential
Re: (Score:2)
My understanding of cryptography is probably weak... yet I though that CSS was not broken because they cracked the weak cipher, but rather because whoever made the XING software DVD Player
WHY? (Score:2)
The world, QED.
Re: (Score:2)
Someone please give Red Moose a cookie.
fake passports in 911? (Score:5, Insightful)
Is this true? I had the impression that the 911 terrorists had valid ID, but I haven't read the 911 commssion report...
Can somone point me to some information confirming or disproving this assertion?
Re: (Score:2)
oh, you mean one of these terrorists http://news.bbc.co.uk/2/hi/middle_east/1559151.st
Re: (Score:2)
The hijackers, all but one, used authentice state issued identification in order to hide thier nationalities. However they did use fake passports to obtain that autentic ID.
The one who did not used this actual passport, again authentic.
It should be noted that a passport was not needed for the flights they were on(all internal to the US) but they needed some form of ID to prove who they were when at check in.
http://www.9-11commission.gov/report/911Report_No t es.htm [9-11commission.gov]
Re: (Score:2)
The article is missing one word. (Score:5, Insightful)
I believe the missing word is "yet".
As usual, it leaks (Score:3, Insightful)
I don't want to sound trollish, but the major force behind biometric passports worldwide is Homeland Security in USA: "You want visa free entrance to US? Make biometric passports!". Honestly, this is plain bullying.
Besides, if the border guard thinks the passport is "secure", then he'll spend less time thinking about that person and just rely on the big "OK" that pops on his screen when he swipes the thing instead of evaluating the person with his brain and guts.
TFA mentions brute-force protection. For a thing, like credit card, that can be replaced within 3-5 days, it's ok, but for a passport, that some joker "brute-forced" and now it is locked, it is really tragic, especially if You are away from home and this is Your only ID.
I think that the ID should be un-trivial to counterfeit. It should deter "common" people from tampering with it for some small, petty crimes. For well funded operations, obtaining a real passport isn't a problem - bribe the migration official and he issues You one on whatever name.
My slightly watered point is - ID should be used for "some" identification. Trust is a human thing and not machine solvable.
Heck, Your motherboard may be bugged right now by some weird conspiracy and no matter what security measures You take, such as bug sweeps or cable checks, You're screwed already since CIA and NSA and Mossad altered the CPU. It's a human thing.
Re: (Score:2)
Not really the plans for the electronic passport started in the 1990 by the UN's ICAO, the first set of written/approved plans came in early 2002, it was agreed to by the member of ICAO in 2004. In the agreement they said they would implement and require its use. The US got the members to move up the time table, and implement
Good (Score:2)
Good. I've been evaluated by the 'brain and guts' of a few immigration officials in my life and I haven't acquired much faith in the process. Better a flawed electronic system than a guy who just won't let you in because he doesn't like the way you look.
And this leads me to say (Score:2, Insightful)
Re: (Score:2)
Trivially simple fix : add a signed fingerprint (Score:3, Interesting)
Even if people were to succeed in faking it, a criminal (let's not go down the terrorist route for once) wouldn't be able to erase his old identity from the books without deep inside help, which would probably be noticed by too many people.
Re: (Score:2)
Re: (Score:2, Interesting)
"This doesn't matter" spin (Score:5, Insightful)
It matters a great deal because what they said couldn't be done can be done.
It transpired a couple of years ago that some models of the expensive Kryptonite bicycle lock could be opened with a BIC pen. The Kryptonite company could have spun this by saying "This doesn't matter, because the security expert who demonstrated this didn't really steal the bicycle, and bicycle owners actually keep their valuables in their safe deposit boxes."
What the Kryptonite company really did was acknowledge that this was a serious problem and recalled all the locks.
Would that the UK government addressed the security problem instead of the PR problem.
Re: (Score:2, Insightful)
Well, until a cloned passport successfully makes it through one of their scanners, we don't know that it can be done. One possibility (though it's probably giving them too much credit to have thought of this) is that the passports actually contain 2 sets of data: one that is readable using all of the known key (as discussed in the article), and a second set that is only readable via a secret key. The purpose of the known key it to p
two things (Score:3, Insightful)
The key idea then is that the chip never sends the secret directly, so a cloner could never guess it, even if it could issue an unlimited number of challenges to the original chip. And without the secret, it cannot produce a clone that would authenticate.
So in short to clone the chip you need more than the chip, you need to compromise the manufacturer of the system to get the secret.
Re: (Score:2)
Re: (Score:3, Insightful)
2. In the case of basic access control, as specified by ICAO, being able to read the chip means that you are able to clone the chip. It's a weakness i
CRACKERS!! (Score:2)
Journal written by... (Score:2)
The one thing they get right and /. missreports! (Score:2, Interesting)
For once the experts got it right and realised the chips would always be copyable - and concentraited on making them unmodifiable!
The encription was only to stop people skiming your passpord whilst it is in your pocket (think Tin Foil Hat), and this has certanly not been broken. By using a unique key for each passport and not doing a centerilised lookup for each rea
People, people, people (Score:5, Informative)
The article states that if you can see the human-readable part of the passport, or even just take a good guess at the details, you can extract the rest of the data from the RFID chip -- and clone it. Encryption is used to ensure that nobody can eavesdrop on a transaction once initiated, but that doesn't help the fact that every transaction is presumed legitimate -- and the very nature of RFID means that you aren't always able to know that a transaction is taking place. If there isn't a human being checking passports, just a machine -- and one day, that is exactly how it will be -- one of those cloned RFID chips will be enough to get you past it.
Attempting to automate people out of the loop is asking for trouble, because we can always know what tests a machine is performing and falsify the results. Criminals are not stupid -- and smart people can often be bought. If the anticipated returns are high enough, you can be sure that someone will put up the stake. Security through obscurity is worse than no security, because it leads people to believe that their details are safe when they are not.
By the way, if you want to see how easy it is to commit identity theft, start here [google.co.uk].
Not Cracked, same FUD (Score:2, Insightful)
The passport functioned as designed. The only thing the key is designed to prevent is remote surreptitious downloading of the data from the chip. If you hand someone the passport, what sort of privacy do you expect?
Call me when they can successfully ALTER the chip data and create a valid digital signature. Merely copying the data won't help.
I Told You (Score:2)
http://it.slashdot.org/comments.pl?sid=206936&cid
Clueless (Score:3, Insightful)
As others above have stated, this is not "cracked" either and they are unable to change the data on the chip. Futhermore they need to read the inside page of the passport to "sniff" for the chip data. I would be happier however, with a contact card rather than contanctless....
Whats wrong with some kind of PKI? (Score:2)
As only the government would have the private part of the key, only the government can encrypt data that the processing machines can read (and for those who say the keys will be stolen, look at things like
So What? (Score:3, Insightful)
A brief analysis (Score:2, Informative)
Pointless (Score:2)
FUD (Score:3, Insightful)
As usual the journalist is confusing everything. What these bozos have done is just read the content of the RFID chip exactly in the same way a custom officer would have done: using the key which is *printed* on the passport !
Basically this chip do what it has been designed for: improve the difficulty to create fake passports.
Now of course you have always some neo-luddites like those who are spreading FUD in order to sway opinions who will never read the details of the article and just remember the passports have been "cracked"
Pityfull
Enlighten me (Score:2)
If this were designed by Slashdot (Score:3, Funny)
Re:Great articel (Score:5, Funny)
Re: (Score:2)
Re:Another DRM? (Score:4, Informative)
Re: (Score:3, Insightful)
Re: (Score:2, Insightful)
But just look at history. A better choice always takes more time to create, and is more expensive to design and implement, but in the long run it pays off much better. Take Unix, most of RSA's products, etc. There's no short cut to success, there is no overnight solution. Its just that a lot of people with power can't simply realize that common fact. ....
Well, to whoever said common sense was common
Re:Another DRM? (Score:5, Insightful)
They wish to establish a world where all people can be instantly identified, correlated with commercial profiles, and tracked wherever they travel.
How can this be done "securely"? It cannot.
Let's assume you get these politicians to understand some basics of encryption and physical security (and good luck with that). So, you now have a system where all people can be instantly identified and tracked by the government. Secure from... what, exactly? Secure from being tracked by unauthorized people?
Who is unauthorized, and why? I certainly have no say in who gets authorized to track me. Thousands or hundreds of thousands of random workers have access to the "authorized" level. This doesn't sound very "secure" to me.
It's like an electrocution collar you get to wear around town, "secure" in the knowledge that its encryption protocol is flawless. The only people who can activate it are from the police department, or friends of police officers, or people who sneak into the police building and use a computer there when nobody's looking. It is secure, and cannot be triggered except from the police station. Yet, in the broader sense of security, the mere fact of the collar's existence around my neck is the absolute opposite of security.
It doesn't really matter how secure they make the algorithms. A system whose purpose is to authoritatively track and identify all individual humans "from above" is insecure, by definition.
Re: (Score:3, Interesting)
True - provided you're trying to get Alice to talk to Bob! Those two know a thing or two about cryptography by know and can deal with keeping keys secret, using strong passwords etc.
It all gets rather harder if you're dealing with a huge messy system composed of hoardes of busy people who neither understand nor wish to understand the system. And that's just the immigration officers, never mind joe public!
The system that they
Re: (Score:3, Informative)
However, it turns out they made the same blunder that tyro users of computer systems everywhere do: they chose a key that was easy to guess.
From TFA:
Re:Another DRM? (Score:5, Insightful)
Re:Another DRM? (Score:4, Informative)
Re:I donno. (Score:5, Funny)