Biometric passports: increased risk of identity theft

[Satch]

And this is supposed to help?

Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did (we) find it so easy to break the security codes?

"I was amazed that they made it so easy, the information contained in the chip is not encrypted, but to access it you have to start up an encrypted conversation between the reader and the RFID chip in the passport.

The reader - I bought one for £250 - has to say hello to the chip and tell it that it is authorised to make contact. The key to that is in the date of birth, etc. Once they communicate, the conversation is encrypted, but I wrote some software in about 48 hours that made sense of it.

The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat."

"If you can read the chip, then you can clone it," he says. "You could use this to clone a passport that would exploit the system to illegally enter another country."

The Home Office insists that UK passports are secure and among the best in the world, but not everyone agrees. Last week, an EU-funded body entitled the Future of Identity in the Information Society (Fidis) issued a declaration on machine-readable travel documents such as RFID-chipped passports and ID cards. It said the technology was "poorly conceived" and added: "European governments have effectively forced citizens to adopt new ... documents which dramatically decrease their security and privacy and increase risk of identity theft."

http://www.guardian.co.uk/idcards/story/0,,1950226,00.html

 

[jwarren]

RFID technology is somewhat frightening in its own entirity. It is widely used by supermarkets etc abroad, and even in Holland some muppets have them implanted so when they go clubbing etc they swipe their arm at the door, and pay for their drinks by again swipe over the pad at the bar, the devices allow then the club etc withdraw from your account at set periods to pay for the items.

Tesco are soon to trial them here by the way they monitor what you buy etc and the RFIDs will then interact with you as you trawl the rows, highlighting certain prodcuts via in trolley monitors and lights integrated into shelves etc. They also have the capability of following you (they are meant to deactivate when you cross the stores threshold), most items have them hidden in packaging (clothes, cds etc).

Remember Chip and Pin - well that was cracked straightaway and large scale frauds are in this area (just recently a £2million fraud at a local garage due to this!).

A major phone company are testing biometrics implanted into the area near the ear so you can take and make phone calls without a handset.

And all are interceptable............ Government Agencies already have the ability to intercept your secure email, encrypted or otherwise, phone calls and cell logging (where you wander with your mobile). And with the possible introduction of the pay as you drive (Norwich Union for example) tracks where you go and when, with amazing accuracy...... wrong hands etc

Now, I am not advocating that we should make it easy for the criminal fraternity etc, but their has to be a fundamental right to move freely without interference.

George Orwell was right......

Ever since we opened the borders (EU) - what chance to we have!

It is so easy to steal an identity these days, from snippets of personal info you can build a picture. and sites like, YouTube and FriendsReunited have been fantastic for the fraudster to build up a history!!!

 

[Benzowner]

I maybe wrong and maybe a little naive, but surely, identity theft was going on decades ago, the only difference now is that it is electronic based instead of paper based. Forged passports etc are not new and ID cards were forged during WWII so why are we now getting more paranoid over the issue? We will never stop the criminal no matter what smoke screen we put up. Just my opinion.

 

[miro]

You are only at risk if you go outside or speak to others. Living as a poor person in the third world may well be the highest level security there is.

Not only can you move without being tracked, most of the world would never care about where you are or what you want to eat.

 

[jwarren]

Ahh, ID fraud may have been going on for years (Remember the Trojan Horse!!), but now with open borders, ease of travel and the ease in undertaking offshore frauds it is a growth industry, forget arms / drugs etc, the major crime syndicates now have IT departments so to speak in evolving new scamming techniques.

Even in the third world their are training schools in teaching how to defraud the benefits sytem in the UK for example.

I have just recently investigated an iraqi individual who stole the ID of a medic killed on the fontline and then came to the UK under that identity.

We all love the films such as "the great escape" where false papers were made to evade capture, its just higher tech now and that many people are very unaware or innocent on what capacity their home pcs can do, and how easy it is to hijack info. Many gangs use "off the shelf" backdoor software to capture info. Even had many a case where "keyloggers" have been placed in between the keyboard USB/PS2 slot and recording all your info, mainly in corporate offices etc.

In my past life I even used to acquire rubbish from targets to gleam information (this was in an offical capacity I quickly hasten to add!!!) so it isnt something new, even though recent awareness of bin bandits banks still lob out info (recent BBCTV Watchdog for one only had shown this last week!)