Ireland now has RFID passports
Back in February, I wrote about some Dutch hackers remotely reading Dutch RFID passports, and my email to the Irish Passport Office enquiring about their plans.
They never bothered writing back; I guess they were too busy implementing the damn things :( Their new ‘ePassports’ are now mandatory for new Irish passports:
The chip technology allows the information stored in an Electronic Passport to be read by special chip readers at a close distance.
“special chip readers at a close distance” and/or “random criminals looking for Irish victims at a distance of 30 feet”, I guess.
Here’s the slides for Riscure’s attack on the Dutch passports. Irish passports are similarly using “Basic Access Control”. I wonder if Irish passport numbers are sequential, since that seems to be a key part of their attack?
Tags: epassports, hacking, ireland, passports, rfid, riscure
Ciaran O\'Riordan said,
October 18, 2006 @ 2:44 pm
I haven’t looked into this, but from what’s caught my peripheral vision, I think a layer or two of tinfoil is enough to protect against RFID readers.
I don’t see this discussed in those slides – pity there’s not a recording.
At WSIS 2005, where participants all has RFID tags badges, Richard Stallman started his speech by explaining this and offering his roll of tinfoil to the audience members: http://upload.wikimedia.org/wikipedia/commons/1/14/051118-WSIS.2005-Richard.Stallman.ogg
Justin said,
October 18, 2006 @ 2:56 pm
Ciaran –
Yep, tinfoil apparently shields RFID chips nicely.
in fact, I heard recently that the US plans to modify their passports to include a built-in layer of shielding — which is definitely an improvement, but makes me wonder what exactly was the point in adding the RFID chip in the first place?
Roger Shepherd said,
November 12, 2006 @ 8:24 pm
It seems like the whole EU is going this way. My UK passport is rfid (sorry – biometric).
See
http://bloggershepherd.blogspot.com/2006/09/new-passport-rfid.html
and
http://bloggershepherd.blogspot.com/2006/11/rfid-passport-redux.html
Roger