back to article Crypto boffins urge Belgium to withdraw early ePassports

RFID passports from Belgium remained flawed almost three years into their introduction, according to a study by cryptographic researchers. The Belgian ePassports, now in their second generation, lack effective security features that would prevent sensitive data on microchips from being read surreptitiously. Analysis by security …


This topic is closed for new posts.
  1. g lane

    Here we go again

    Why is there this huge desire for contact-less data transfer from passports? The banking industry seem to have no problems with credit and debit cards using physical contacts and the cards and readers have a much harder life than passports.

  2. Anonymous Coward
    Anonymous Coward

    Unshielded RFIDs get damaged sooner..

    If a passport RFID is not shielded by the "tinfoil hat" approach the US uses, the RFID may get damaged sooner as it's also not protected against any stray radiation of, say, a microwave transmission dish..

    No points for guessing which other sources of radiation may cause "accidental" destruction..

  3. Dillon Pyron

    re: Here we go again

    Physical contact? Both Visa and MasterCard have "touch & go" cards that have been shown capable of being read at a distance. And the Exxon Speedpass is outrageously easy to read.

    But that's only money, not my entire life.

  4. MattCasters

    Prestige project

    It was a prestige project of the "purple" governement led by the liberal Guy Verhofstadt. It was in-line with his grand project and vision to bring Belgium into the 21st century.

    Most people in the ICT industry know that if you're an early adopter in this game, you pay dearly. And so Mr Verhofstadt did. The parties that led the country for the last 8 years lost around 15% in the elections today and he stepped down.

  5. Anonymous Coward
    Anonymous Coward

    Technology for technology's sake

    I love technology, but I'm old enough to know that sometimes technology does not provide the best answer. There will be a great deal of time, effort and (most importantly) taxpayers' money spent on such white elephant schemes. It's not just the £3bn on the ID card scheme (for example), but the on-going maintenance. I haven't got the figures to hand, but I do know that the cost of a passport has sky-rocketed because of all of the hackable extra technology that's now going into it.

    I get the feeling that it's more about people's egos than the efficacy of a particular system or technology: how can you possibly defend an ePassport with a validity of 10 years, but a warranty of only 2 years?

    In short; expensive, ineffective and ludicrous. Still, I don't doubt that the 50% of us who do bother voting (without the need for eVoting, mobile phones and yet more hackable technology) will end up electing some other equally ineffective, hypocritical monkeys into power who'll continue with this technological money pit.

    For crying out loud - can anyone give us any hope at all (or am I just having a bad Monday?) ?!?

  6. Anonymous Coward
    Anonymous Coward

    There is no hope

    "For crying out loud - can anyone give us any hope at all (or am I just having a bad Monday?) ?!?"

    Hope is for the weak and non thinking voter.

    anyone who thinks about anythign realises we have no hope as the government has been allowed to go to far down the we own you route already.

    We have very few freedoms left and some shortsighted sheople are already screaming that we should microchip every single kid just incase they want to abandon them so they can go out and get pissed but then it will all be ok because by then they will finally admit big brother is watching.

  7. Anonymous Coward
    Anonymous Coward

    Re: "how can you possibly defend an ePassport with a validity of 10 years"

    actually, the correct (but unhelpful) answer to the phrase "how can you possibly defend an ePassport with a validity of 10 years, but a warranty of only 2 years?" is (and I'm typing this from inside an 'RFID' testing laboratory) is that there is a trend to making the documents valid for only 5 years!

    The user biometrics are better when consumed fresh.

    there is quite a reasonable argument that late 2007 - early 2008 is an ****extremely good time**** to acquire oneself a nice new basic biometric ten year passport, yes it is fractionally invasive in terms of privacy, its a tiny bit hackable with the simple MRZ key, the RFID/NFC might not work after 2 years - but you're currently not (yet) required to replace the ePass (don't use a microwave....) if it stops being an ePass and just becomes a Passport.

    However the next generation of ePass is being designed with much better security algorithms, which are needed for the much more detailed user enrollment and advanced biometric content and possibly the 5 year validity will come into play like in Switzerland, Greece, Canada, Hungary......

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022