Tuesday, January 31, 2006

Researchers crack Dutch biometric passport security

John Lettice writes that a security company, Riscure BV, have cracked the security of the Dutch biometric passport and say the "attack can be executed only within a distance of 10 meters of a passport in use."

Meanwhile Lettice has also been making fun of ID card minister Andy Burnham again. He suggests 'RFID tag' are rude words which the minister refuses to say, since he has a better alternative, 'contactless, proximity chip vendors.'

"For over six months now Burnham, pursued doggedly by MP and ID card opponent Lynne Jones, has been peddling the bizarre conceit that RFID and 'contactless' or 'proximity' chips are entirely different beasts. So, in July, he confirmed that for the UK ID card to be used as a travel document in Europe, "the card will need to meet standards established by the International Civil Aviation Organisation (ICAO), which require the card to be contactless".* Presuming the information will not be moving across the air gap between the card and the reader using, say, smell, it's pretty obvious how that works, isn't it?

The contactless chips that will be used in ID cards and passports are amazingly like RFID tags. Place an RFID tag in the vicinity of a reader, and the reader can read data from it. Place an ID card or a passport in the vicinity of a reader and... you get the idea. Proponents and vendors of biometric ID however have noted that the general public seems to have some kind of privacy issue with the term "RFID", for some reason fearing that RFID ID documents involve them becoming tagged and monitored crates in the homeland security industry's supply chain. So, as Wired explained last year, the strangely RFID-like chips in biometric ID are instead to be called contactless or proximity chips."

No comments: