[19835] in cryptography@c2.net mail archive


Re: Face and fingerprints swiped in Dutch biometric passport crack (another card skim vulnerability)

daemon@ATHENA.MIT.EDU (Adam Shostack)
Thu Feb 2 17:43:06 2006

X-Original-To: cryptography@metzdowd.com
Date: Thu, 2 Feb 2006 12:37:24 -0500
From: Adam Shostack <adam@homeport.org>
To: vin@TheWorld.com
Cc: Anne & Lynn Wheeler <lynn@garlic.com>, cryptography@metzdowd.com
In-Reply-To: <3722.206.15.129.44.1138820590.squirrel@www.TheWorld.com>

On Wed, Feb 01, 2006 at 02:03:10PM -0500, vin@TheWorld.com wrote:
| Anne & Lynn Wheeler pointed out:
| 
| > Face and fingerprints swiped in Dutch biometric passport crack
| > http://www.theregister.co.uk/2006/01/30/dutch_biometric_passport_crack/
| 
| Didn't the EU adopt the same design that the US uses?

Passport standards are written by the International Air Travel
Association (IATA).

| Am I right to presume that the passport RFID chip used by the Dutch is the
| same -- or functions the same -- as the one used in the new US digital
| passports?
| 
| From what I've read, it seems that the sequential numbering scheme the
| Dutch use on their passports may have made this attack easier -- but it
| was already feasible, and will be against the passports of other nations
| which did not so helpfully minimize their obfuscation technique with
| sequential numbering?
| 
| Anyone got more details than those offered in the Riscure press release?
| Thoughts?

The papers explain the attack in fair detail.  I blogged every useful
link I could find a few days ago at
http://www.emergentchaos.com/archives/002355.html, and there's more
links in comments.

Adam

| _Vin
| 
| 
| >
| > The crack is attributed to Delft smartcard security specialist Riscure,
| > which explains that an attack can be executed from around 10 metres and
| > the security broken, revealing date of birth, facial image and
| > fingerprint, in around two hours.
| >
| > .. snip ..
| 
| 
| ---------------------------------------------------------------------
| The Cryptography Mailing List
| Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
