Article 3GKX0 US Customs and Border Patrol made forging e-passports easier

US Customs and Border Patrol made forging e-passports easier

by
Jason Weisberger
from on (#3GKX0)

customs.jpg

One of the things that make every RFID implanted US Passport 'safe' is each document's unique cryptographic identifier. Customs and Border Patrol can use this key to verify the authenticity of each passport, if they'd bother to install the software to do so.

For 12 years they have not.

Via Wired:

Passports, like any physical ID, can be altered and forged. That's partly why for the last 11 years the United States has put RFID chips in the back panel of its passports, creating so-called e-Passports. The chip stores your passport information-like name, date of birth, passport number, your photo, and even a biometric identifier-for quick, machine-readable border checks. And while e-Passports also store a cryptographic signature to prevent tampering or forgeries, it turns out that despite having over a decade to do so, US Customs and Border Protection hasn't deployed the software needed to actually verify it.

This means that since as far back as 2006, a skilled hacker could alter the data on an e-Passport chip-like the name, photo, or expiration date-without fear that signature verification would alert a border agent to the changes. That could theoretically be enough to slip into countries that allow all-electronic border checks, or even to get past a border patrol agent into the US.

...and they need a wall.

External Content
Source RSS or Atom Feed
Feed Location http://boingboing.net/rss
Feed Title
Feed Link http://boingboing.net/
Reply 0 comments