Global RFID Passport Encryption standard cracked in 2 hours |
Friday February 3, 2006 2:48 PM CST - By: Dave White
| |
|
|
  One big hit to the public confidence in RFID has come from the Netherlands, where a security firm partnered with a TV program to successfully decrypt a Dutch-prototype RFID passport.
In just two hours, officials from Riscure and "Nieuwslicht" intercepted, stored, and cracked the password encrypted on an RFID-tagged passport. The result was the virtual "undressing" of the passport, allowing the "hackers" access to the digitized fingerprint, the photograph, and all other encrypted and plain text data on the passport.
Why did this happen? What's wrong with RFID? Well, the second question has an answer for another article. The answer to the first question is this: The algorithm used to generate the secret key was eminently predictable. Turns out that the manufacturer issued keys sequentially and produced the encryption using only the person's birthdate and the passport number, expiration date and checksum.
Dutch officials will be going back to the drawing board in efforts to make the RFID passport encryptions more difficult to break. Clearly, officials in the U.S. should listen as well, since a massive plan this fall calls for all new American passports to have the exact same RFID tag and encryption scheme (which, by the way, is the current sorry excuse for a global standard).
Via register.co.uk
|
 Reader Ratings |
|
| This article has been rated 80% by 11 user(s).
|
|
Recent Headlines
HTC Refuses to Bring HTC Touch HD to United States- posted on Tuesday October 7, 2008 12:21 PM CDT
Rogers Swipes Nokia E71 Smartphone from Fido- posted on Tuesday October 7, 2008 12:06 PM CDT
PocketSurfer 2R Mobile Internet Device Comes with One Year of Free Service- posted on Tuesday October 7, 2008 11:58 AM CDT
T-Mobile Cameo Digital Picture Frame Supports MMS- posted on Tuesday October 7, 2008 11:51 AM CDT
Firefox Mobile Alpha Coming Very Soon- posted on Tuesday October 7, 2008 11:46 AM CDT
AMD Cuts Itself in Half, Suicide Watch Not Responsible- posted on Tuesday October 7, 2008 11:31 AM CDT
Android-Powered zzzPhone Ain't No Snoozer- posted on Tuesday October 7, 2008 11:24 AM CDT
Fido Can't Support All These Data Users- posted on Monday October 6, 2008 11:59 PM CDT
What is Sega Trying to Accomplish with Sega Vision?- posted on Monday October 6, 2008 6:05 PM CDT
Best Buy Expands Netbook Offerings with MSI Wind- posted on Monday October 6, 2008 4:24 PM CDT
Renault Megane Trophy Concept Declares That It's So Sporty- posted on Monday October 6, 2008 4:17 PM CDT
Be a Baller with Louis Vuitton iPhone Case- posted on Monday October 6, 2008 4:16 PM CDT
Knockoff iPod nano Sold as Real Thing at Wal-Mart- posted on Monday October 6, 2008 4:03 PM CDT
New Web Browser Included in Samsung Instinct Update- posted on Monday October 6, 2008 4:03 PM CDT
France Bombarded with Colorful HTC Touch Diamond Phones- posted on Monday October 6, 2008 3:59 PM CDT
Built-In Projector Found on China Mobile Phone- posted on Monday October 6, 2008 3:26 PM CDT
Japan's Nintendo DSi is Region-Locked- posted on Monday October 6, 2008 3:13 PM CDT
Sega Jumps Back into Hardware Game with Sega Vision- posted on Monday October 6, 2008 3:03 PM CDT
BlackBerry Storm Copy and Paste Revealed- posted on Monday October 6, 2008 2:56 PM CDT
Feature: Can Convergence Devices Still Be Categorized?- posted on Friday October 3, 2008 6:15 PM CDT
Japandroid: Google Android Invades Japan Next Year- posted on Friday October 3, 2008 3:18 PM CDT
Three Touchscreen + E90 Communicator = Best Nokia Ever- posted on Friday October 3, 2008 3:09 PM CDT
Samsung Names Dual-LCD Phone the Style Report- posted on Friday October 3, 2008 2:52 PM CDT
HP Oak Windows Mobile Smartphone Has Slide-Out QWERTY- posted on Friday October 3, 2008 2:47 PM CDT
Rogers/Fido Still Has $30/6GB Data Plan- posted on Friday October 3, 2008 2:41 PM CDT
|
|
|
|
XML Feed