Face and fingerprints swiped in Dutch biometric passport crack (anothercard skim vulnerability)
Adam Shostack
adam at homeport.org
Thu Feb 2 12:37:24 EST 2006
On Wed, Feb 01, 2006 at 02:03:10PM -0500, vin at TheWorld.com wrote:
| Anne & Lynn Wheeler pointed out:
|
| > Face and fingerprints swiped in Dutch biometric passport crack
| > http://www.theregister.co.uk/2006/01/30/dutch_biometric_passport_crack/
|
| Didn't the EU adopt the same design that the US uses?
Passport standards are written by the International Air Travel
Association (IATA).
| Am I right to presume that the passport RFID chip used by the Dutch is the
| same -- or functions the same -- as the one used in the new US digital
| passports?
|
| >From what I've read, it seems that the sequential numbering scheme the
| Dutch use on their passports may have made this attack easier -- but it
| was already feasible, and will be against the passports of other nations
| which did not so helpfully minimize their obfuscation technique with
| sequential numbering?
|
| Anyone got more details than those offered in the Rinscure press release?
| Thoughts?
The papers explain the attack in fair detail. I blogged every useful
linksI could find a few days ago at
http://www.emergentchaos.com/archives/002355.html, and there's more
links in comments.
Adam
| _Vin
|
|
| >
| > The crack is attributed to Delft smartcard security specialist Riscure,
| > which explains that an attack can be executed from around 10 metres and
| > the security broken, revealing date of birth, facial image and
| > fingerprint, in around two hours.
| >
| > .. snip ..
|
|
| ---------------------------------------------------------------------
| The Cryptography Mailing List
| Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list