4 nov. 2008

Electronic ID are unsafe: ePassport emulator (+ video)

Here is another example to show your government doesn't give shit about you(r privacy).

This emulator applet allows you to create a backup of your own passport chip(s).

This enables an attacker to create a Passport with an
altered Picture, Name, DoB, Nationality and other credentials.

The manipulated information is displayed without any alarms going off.
The exploitation of this loophole is trivial and can be verified using
thc-epassport.

Regardless how good the intention of the government might have been, the
facts are that tested implementations of the ePassports Inspection System
are not secure.

http://freeworld.thc.org/thc-epassport/
related stories (aug 2008):
‘Fakeproof’ e-passport is cloned in minutes - Times Online http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece
Device 'steals chip-and-pin data' http://news.bbc.co.uk/2/hi/business/7557956.stm
As for me, i'm staying away from any form of electronic ID system.

Geen opmerkingen: