CFO Expectations of IT

Follow us

« previous article | next article in Technology »

UK RFID passport chip cracked

Security expert finds invisible hack

By | Published: 17:00 GMT,

Related Content

News

Features

Opinion and Debate

A security expert has cracked one of the UK's new biometric passports, which the British government hopes will increase security.

The attack, which uses a common RFID (radio frequency identification) reader and customised code, siphoned data off an RFID chip from a passport in a sealed envelope, said Adam Laurie, a security consultant who has worked with RFID and Bluetooth technology. The attack would be invisible to victims, he said.

"That's the really scary thing," said Laurie, whose work was detailed in the the Mail on Sunday newspaper. "There's no evidence of tampering. They're not going to report something has happened because they don't know."

The British government, which began issuing RFID passports about a year ago, eventually wants to incorporate fingerprints and other biometric data on the chips, although privacy activists are concerned over how data will be stored and handled.

Currently, the chip contains the printed details on the passports, the person's photograph and security technology to detect if those files have been altered.

Registration is free, and gives you full access to our extensive white paper library, case studies & analysis, downloads & speciality areas, and more.

The attack was executed while the passport was still in its original envelope used to send it from the passport service, since RFID chips can be read from a few inches away, Laurie said. He used a passport ordered by a woman affiliated with No2ID, a group that opposes the UK's biometric passport and ID card programmes.

The data on the passport's chip is locked until an RFID reader provides the encryption key, Laurie said. The encryption key is calculated using a combination of the person's personal data, such as date of birth, and is contained in the "machine-readable zone" (MRZ) – the string of characters and digits on the bottom of the passport's first page.

At an immigration desk, the optical character reader scans the MRZ and gets the key. The RFID chip is unlocked, and the information on the chip is matched with that on the passport.

However, Laurie was able to do this process himself. He analysed ICAO 9303, the standard from the International Civil Aviation Organisation that been adopted worldwide for machine-readable passports, to see how the MRZ is organised.

[ 1 ] [ 2 ] continued on page 2 »

Email Updates

CIO Newsletters: Expert insight, advice and tools for technology, business, leadership and the CIO career.

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

CIO White Papers

The cloud 2015 vision

Cloud computing is an important transition and a paradigm shift in IT services delivery - one that promises large gains in efficiency and flexibility at a time when demands on data centers are growing exponentially. The tools, building blocks, solutions, and best practices for cloud computing are evolving and challenges to deploying cloud solutions need to be considered.

The consumerisation of technology

iPads are the must-have fad. Android is the rising mobile platform -- Everywhere you turn, the news is about personal, smart, mobile devices and their impact on business and on IT.

Big data analytics

Broadly, there are two ways to think of Big Data technologies. The first is as an extension of what many organisations are already doing with business analytics. Gaining insight from business information is something that has been happening for decades, but the challenges and opportunities are now greater than ever before.

Virtualisation: benefits, challenges and solutions

The majority of organisations have already implemented server virtualisation and most intend to implement additional server virtualisation during the next year. The primary factors driving the movement to deploy server virtualisation are cost savings and the ability to dynamically provision and move VMs among physical servers. There are however, a number of significant challenges associated with server virtualisation.

CIO UK - Business - Technology - Leadership

On Demand Webcast
Analyse Data In Real Time


Increasingly businesses require the ability to analyse information quickly. Find out how to handle growing data volumes more efficiently while reducing the cost of managing your organisation's IT landscape

Watch now

SAP Logo

What do CFOs expect from IT?


Watch our sister publication's latest webcast.
Hear a case study from the Guardian News and Media's Technology Director, Andy Beale, and join the discussion on the role of the CFO in technology innovation.

Watch Discussion

CFO World webcast in assocation with Google

On Demand Webcast:
Maximising business flexibility with virtualisation


Register for this on demand webcast and find out how technologies can enable cost effective and secure virtualisation from your server deployments.



Watch now

Dell VMware logo

CFO Expectations of IT

* *