| |||||||||||||
|
| |||||||||||||
Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)Posted Feb 5, 2009 8:27 UTC (Thu) by michaeljt (subscriber, #39183)In reply to: Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading) by anselm Parent article: Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)
I suppose if you need more data than you can comfortably encode in a 3D bar code on the passport then yes. I'm not sure for what valid reason people would want to store that much information on my passport.
(Log in to post comments)
Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading) Posted Feb 5, 2009 8:57 UTC (Thu) by anselm (subscriber, #2796) [Link] I'm not sure for what valid reason people would want to store that much information on my passport. Think »fingerprints and pictures«. (I don't know whether that counts as »valid« from your POV but that's what they would like to do, anyway. And if they must store that sort of thing at all then the passport is probably a better place than a big central database — even though chances are they'll put it on the passport and in the database while they're at it ...)
Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading) Posted Feb 5, 2009 9:28 UTC (Thu) by michaeljt (subscriber, #39183) [Link]
My passport already has that information (fingerprint and photo with biometric information) printed on it and readable by an optical scanner. Perhaps I am just nitpicking at your examples, but those ones don't convince me.
Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading) Posted Feb 5, 2009 10:11 UTC (Thu) by anselm (subscriber, #2796) [Link] Hey, I'm not the one in favour of RFID passports. I'd much rather do without, too, thank you very much. However, chances are that if they have one picture and fingerprint today, next year they will decide that to keep us all safe they need all ten finger prints, a retinal scan, and a dump of your genome on top of the rest. Whatever. Remember that this is security theatre — it doesn't have to make sense from a practical POV. At some point all that stuff is no longer going to fit on a passport in printed form, and once we get there, I personally would like to see it stored in a way that is not accessible to everybody and their dog who can operate a $250 RFID scanner somewhere within 20 metres of where I stand.
Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading) Posted Feb 8, 2009 16:19 UTC (Sun) by anton (guest, #25547) [Link] I'm not sure for what valid reason people would want to store that much information on my passport.My guess is that the reason for RFID passports is that various manufacturers want to sell more equipment to governments and therefore lobbied for that. Also, they want to make more revenue with passports (the price has gone up considerably). There is obviously no technical reason to have RFID passports, as my new RFID passport came with information that said that the passport is still valid and has to be accepted everywhere as a passport if the RFID part is broken. They also gave instructions on how to break it (not overtly; they actually told me not to do these things).
Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading) Posted Feb 8, 2009 19:04 UTC (Sun) by anselm (subscriber, #2796) [Link] If they feel they must store all sorts of identifying data about me, then I say by all means do it on my passport rather than in a big government database that can be cracked into, stolen, sold, mislaid, or otherwise messed around with. If, say, my fingerprint images are on the passport rather than in a central database, there is less chance of clever crackers either replacing my fingerprints by theirs in order to pretend they are I, or else use my fingerprint data to create fake fingerprints to frame me for something I didn't actually do. However, don't forget that this is all security theatre, anyway. RFID passports certainly aren't about making the world a safer place, so your point about the equipment manufactures sounds eminently reasonable to me.
|
|
||||||||||||