Hackers crack new biometric passports

Posted on by Philip Casey

It didn’t take long, did it? After years of warnings by journalists, particularly Karlin Lillington in The Irish Times and on her weblog, there is finally an (excellent) editorial in today’s Irish Times detailing the repressive data retention laws slipped past an almost empty Dáil some time ago. The Irish Times is unfortunately behind a [...]

It didn’t take long, did it?
After years of warnings by journalists, particularly Karlin Lillington in The Irish Times and on her weblog, there is finally an (excellent) editorial in today’s Irish Times detailing the repressive data retention laws slipped past an almost empty Dáil some time ago. The Irish Times is unfortunately behind a paywall, so I can’t link to it, but here is a quote:

How closely should a State monitor its citizens? Should it track every letter you send and receive? Should it fit you with a transmitter, broadcasting your location throughout the day? Should the library inform it of the books and magazines you read, and shops pass along details of items you browse and buy? If you contact the Samaritans, an Aids hotline, an alcoholism treatment programme, should the Garda and State be informed?

Most people would answer ‘No’. Ongoing, unwarranted surveillance of our daily activities is contrary to the very notion of living in a free and open democracy. Yet Ireland has in place a data retention law that permits the electronic equivalent of such surveillance, with plans to introduce an expansion on what can be gathered, held and examined, even for the most trivial misdemeanour.

Perhaps the issue has gained credibility in Ireland as privacy watchdog Digital Rights Ireland has launched a legal challenge on constitutional and human rights grounds in an attempt to halt the gathering and long-term storage of such data.

Meanwhile, the London Guardian has picked up on a WIRED News story that biometric passports (which can include information such as fingerprints, facial scans and iris patterns) have been hacked by Lukas Grunwald, a consultant with a German security company. I don’t think he’s the first to do so, actually. I seem to recall the technique being demonstrated on Dutch TV (on the web) some months ago. However, Herr Grunwald is getting a high profile at the Defcon security conference in Las Vegas, where he demonstrated that data can be transferred onto blank chips, which could then be implanted in fake passports, a flaw which he said undermined the project.
What he actually said was

“The whole passport design is totally brain damaged,” Grunwald says. “From my point of view all of these RFID passports are a huge waste of money. They’re not increasing security at all.”

Guardian Report

Wired News: Hackers Clone E-Passports

Wired News:US Lawmaker Rips RFID Passport Plans

Digital Rights Ireland

Karlin Lillington’s Irish and international data privacy issues

Comments are closed.