Don't become a guinea pig for passport security ch : Task Force 3

Date: September 20, 2006
Source: San Jose Mercury News
Title: “Don't become a guinea pig for passport security chips”
Author: Bruce Schneier

Summary: Schneier believes that the “proximity” chip used in the e-Passport can be read without the holder’s knowledge at a distance of “many feet” at places where it is legitimately read (eg hotels, banks, Internet cafes). He refers to the cloning of chips, and the identification of individual chips via unique characteristics of the radio transmissions. He is concerned that discovered security “flaws” could be a precursor of more flaws to be discovered during the 10 year lifetime of the e-Passport.

Our response: Schneier may be confusing unauthorized reading with eavesdropping, however the former is not possible without knowledge of the BAC key. Eavesdropping is still not trivial as the BAC must be overcome afterwards. The response by Archey and Signorino addresses most of these concerns.

http://www.mercurynews.com/mld/mercurynews/news/opinion/15562298.htm

Archey and Signorino response at:
http://www.mercurynews.com/mld/mercurynews/news/opinion/15637460.htm