Despite the recent press attention to the launch of ‘biometric’ passports, not many reporters have focused on the fact that these new passports seem to include Radio Frequency ID (RFID) chips. From the Department of Foreign Affairs website (link)
“The chip technology allows the information stored in an Electronic Passport to be read by special chip readers at a close distance.”
The technology the Department of Foreign Affairs chose to protect the information in the chip from being read remotely (eavesdropped) by anyone within 5 metres (15 feet) is called Basic Access Control (BAC).
Basic Access Control is used by other countries, such as the Netherlands to protect their RFID Passports from eavesdroppers. However, a Dutch security testing lab called Riscure has examined the reliability of BAC and found that it is quite possible for a determined eavesdropper to break the control with a handheld reader, and an ordinary PC from within 5 metres. (Slides outlining this attack method)
The Department of Foreign Affairs has confirmed to DRI that the new RFID passports are not issued with sequential numbers, which increases the security of the chip. However the US, which also uses BAC, has gone further by placing shielding equipment in the covers of the passports (essentially a metal foil layer).
“To further protect against skimming, the U.S. e-passport will include a shielding material in the passport cover that will make unauthorized reading of the passport very difficult from any appreciable distance as long as the passport is closed.” http://travel.state.gov/passport/eppt/eppt_2788.html
We will be enquiring as to whether the Department of Foreign Affairs intends to do likewise and attempt to keep our members informed. If any or our members or readers would like to contact us on this topic, or offer their help or expertise in addressing it contact Bernard Tyers at the contacts given here.
While skimming is a major concern, I seem to remember the larger concern in the US being that the data that can be skimmed isn’t encrypted. Is the data on the Irish passports encrypted?
The Riscure slides are interesting, but I’ve spotted item of interest in their reasoning when appied to the Irish situation.
They assume that the expiry date is within a 5 year window, giving 5 * 365 permutations. Given that the Irish ePassport was launched recently and that Irish passports are normally valid for 10 years, the search space for the expiry date is vastly reduced (to
If you put the new passport in the microwave for a quick blast, you’ll be safe from remote skimmers – unless Ahern insists you replace it. Anyone know if the Dept. will honor RFID passports that CAN’T be read?
I rushed to apply for a non-RFID passport before the 26th Ocotber deadline, but I have been informed by the passport office that they received, and started issuing, the RFID epassports last Monday 16th, and no other is now available to me.
I quote Minister for Foreign Affairs, Dermot Ahern T.D. from a press release on the dfa.ie website as above. “I am confident that Ireland will meet the US deadline. I must emphasise that Irish passports, produced before the October deadline, will not be affected. Only those passports issued after the 26 th of October this year are covered by the new regulations.”
Having raised the breaching of this with the passport office they have promised to follow it up, although I can’t imagine anything coming from it. The woman I spoke to was very helpful, and even listened to my views on the insecurity of the system, the lack of shielding such as the U.S. uses etc.
Interesting to note that in the same press release the minister welcomes “the record increase in passport applications” – a 11.5% increase in the number of passports issued in Ireland in the first quarter of 2006. It will be interesting to see if this is a general trend, or relates to people trying to avoid epassports. Either way, I just wish I had been one of them.
Ding!
this is out of control, we’re now entering into a one world government with rfid’s in people… a cashless society, a complete lock down control grid which power will be consolidated like no other….. this is very dangerous… it’s the real 1984