Tuesday, August 11, 2009

Hackers Crack UK's National ID Card in 12 Minutes

The following article is from Eastman's Online Genealogy Newsletter and is copyright by Richard W. Eastman. It is re-published here with the permission of the author. Information about the newsletter is available at http://www.eogn.com.

The U.K.'s new National ID cards are supposed to be "unforgeable." Embedded inside the card is a microchip with the details of its bearer held in electronic form: name, date of birth, physical characteristics, fingerprints and so on, together with other information such as immigration status and whether the holder is entitled to State benefits. Unforgeable or not, Adam Laurie successfully forged one in twelve minutes.

I wrote recently (at http://blog.eogn.com/eastmans_online_genealogy/2009/07/an-rfid-chip-in-your-pocket-is-broadcasting-your-personal-identity-information.html) about some of the security concerns with the new U.S. passports and PASS (People Access Security Service) cards. A security expert was able to drive around a city and read some information from those documents in the pockets and purses of people nearby, even though that security expert never left his automobile. While the information he was able to obtain was limited, he did obtain the unique serial numbers of the RFID chips embedded in those documents.

Now computer expert Adam Laurie, technical director of the London security and networking firm The Bunker, has been able to clone RFID chips embedded in the prospective national ID card being issued to foreign nationals in the United Kingdom.

This time the security expert did not obtain "limited information." The chip holds the recipient's name, physical details and fingerprints, among other personal details. The information was easily changed and copied to new, forged documents. After rewriting the data on the card, Laurie reversed the bearer's status from 'not entitled to benefits' to 'entitled to benefits.' Adam Laurie then created a new, forged document that would have passed all the electronic verification tests. He performed all this in front of reporters from the Daily Mail newspaper.

The time required? 12 minutes from beginning to end. The equipment? A Nokia mobile phone and a laptop computer. Both were unmodified units that you can buy in most any electronics store.

The RFID chip has room for text notes that will be visible to any security official who scans the card. Adam Laurie added the following text to the newly-created card's RFID chip: "I am a terrorist - shoot on sight."

You can read more at http://www.dailymail.co.uk/news/article-1204641/New-ID-cards-supposed-unforgeable--took-expert-12-minutes-clone-programme-false-data.html#

What's in YOUR wallet?
