04:08 pm, 29 Nov 06
privacy snafu
EFF: British RFID Passports Easily Hacked. You'd think after everyone being so scared about these things they'd at least get the security right.
On the other hand, I sorta see this as a positive thing -- the more times people screw up these sorts of systems the more public outcry there will be about the next.
On the other hand, I sorta see this as a positive thing -- the more times people screw up these sorts of systems the more public outcry there will be about the next.
standards take a while to cook
Well, maybe they weren't given much room in which they were permitted to get the security right. I've been following RFID passports for a while as a security fuckup in the making, and it looks like it went something like this:- ICAO (international civil aviation organisation) decides to "tighten up" passport security requirements post-9/11, somehow, probably involving new technology to provide security pixie dust
- RFID industry lobbies US representatives heavily to get RFID involved: http://www.spychips.com/press-releases/gsa-document.html
- ICAO issues new standard requiring RFID and "Basic Access Control" authentication system, sometime in 2003 iirc
- Holland, UK, Ireland implement that standard (more countries to follow, no doubt)
- oops! standard found to be full of gaping holes.
Not a whole lot of wiggle room for the UK authorities there, esp since the standard was written 3 years ago :(
Hopefully this can be made more secure without breaking the standards compliance -- otherwise it'll be tinfoil wallets all 'round.