[e-privacy] Clonati i passaporti elettronici inglesi

[Nomen Nescio]

http://www.schneier.com/blog/archives/2008/08/uk_electronic_p.html
http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece

New microchipped passports designed to be foolproof against
identity theft can be cloned and manipulated in minutes and
accepted as genuine by the computer software recommended
for use at international airports.

Tests for The Times exposed security flaws in the
microchips introduced to protect against terrorism and
organised crime. The flaws also undermine claims that 3,000
blank passports stolen last week were worthless because
they could not be forged.

In the tests, a computer researcher cloned the chips on two
British passports and implanted digital images of Osama
bin Laden and a suicide bomber. The altered chips were then
passed as genuine by passport reader software used by the
UN agency that sets standards for e-passports.

The Home Office has always argued that faked chips would
be spotted at border checkpoints because they would not
match key codes when checked against an international
data-base. But only ten of the forty-five countries with
e-passports have signed up to the Public Key Directory
(PKD) code system, and only five are using it. Britain
is a member but will not use the directory before next
year. Even then, the system will be fully secure only if
every e-passport country has joined.