Bill’s Security Blog

As reported on the eWeek Security blog:

Digital Passports Land in U.S.
…
Right now, the only people receiving the new passports, which are embedded with an RFID chip that contains full passport information, including the photo, are only going to people served by the Passport Agency in Aurora, Colo.

A State Department spokesperson told eWEEK that the department plans to issue tourist e-passports at all of its domestic passport agencies by the end of 2006.

http://www.eweek.com/article2/0,1759,2005049,00.asp

We already know that RFID tags can be read from great distances. Supposedly these passports would have some kind of RF shielding, but who knows.

We also know that RFID is susceptible to MITM attacks unless an encryption mechanism is successfully implemented. But I haven’t heard that our passports will use anything like that.

Imagine walking through an airport with an RFID scanner, or getting through security by hijacking another passengers verification session?

The big worry here is that customs agents will begin trusting the device, the “technology” and not relying on good old-fashioned common sense.

Does the cost justify the security? I think this is another example where we are “appearing” to do something positive for security, but in reality, we are accomplishing nothing.

Bill

This entry was posted on Saturday, September 9th, 2006 at 11:18 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.