Despite the recent press attention to the launch of ‘biometric’ passports, not many reporters have focused on the fact that these new passports seem to include Radio Frequency ID (RFID) chips. From the Department of Foreign Affairs website (link)
“The chip technology allows the information stored in an Electronic Passport to be read by special chip readers at a close distance.”
The technology the Department of Foreign Affairs chose to protect the information in the chip from being read remotely (eavesdropped) by anyone within 5 metres (15 feet) is called Basic Access Control (BAC).
Basic Access Control is used by other countries, such as the Netherlands to protect their RFID Passports from eavesdroppers. However, a Dutch security testing lab called Riscure has examined the reliability of BAC and found that it is quite possible for a determined eavesdropper to break the control with a handheld reader, and an ordinary PC from within 5 metres. (Slides outlining this attack method)
The Department of Foreign Affairs has confirmed to DRI that the new RFID passports are not issued with sequential numbers, which increases the security of the chip. However the US, which also uses BAC, has gone further by placing shielding equipment in the covers of the passports (essentially a metal foil layer).
“To further protect against skimming, the U.S. e-passport will include a shielding material in the passport cover that will make unauthorized reading of the passport very difficult from any appreciable distance as long as the passport is closed.” http://travel.state.gov/passport/eppt/eppt_2788.html
We will be enquiring as to whether the Department of Foreign Affairs intends to do likewise and attempt to keep our members informed. If any or our members or readers would like to contact us on this topic, or offer their help or expertise in addressing it contact Bernard Tyers at the contacts given here.