Elvis, your e-passport is ready!

E-passports not only threaten your personal safety traveling, the RFID chips are easy to clone and fake. How easy?
Written by Robin Harris, Contributor

E-passports not only threaten your personal safety traveling, the RFID chips are easy to clone and fake. How easy? Here's the picture of Elvis Presley's e-passport:

The photo is taken from a passport scanner at a Dutch airport - no alarms or errors. But let's look on the bright side: some salesman is making millions and some former bureaucrats have cushy gigs with RFID consultants.

Feel better now?

The Hacker's Choice, that gen'd up the Elvis passport chip, tells you how to do it. The fake e-passport chip business is just starting: get in on the ground floor!

But wait: it gets better! In theory the RFID passports improve security - uh-huh - and are faster to process. The first is laughable; the second not much better. Why?

The e-passport still has to be opened to confirm that what the chips says is also what the printed passport says. How is that faster?

What is faster are the new RFID chipped ID cards for border crossings: they broadcast their unencrypted info for 10 meters or more. Wow!

And you know the nifty key Speed Pass that buys gas? They've been hacked too.

But for the larcenous nothing beats RFID credit cards. They can be hacked for $8 from a foot or more away.

The Storage Bits take RFID are great for their original application: tracking goods in a warehouse. But they are horribly insecure for financial and identity applications.

There may be some workarounds. If the immigration agent's terminal queried a central database that brought up a 2nd photo not on the passport, then we could be fairly certain that it wasn't a forgery.

Another alternative: optical - not radio - data storage and encryption. A bar code scanner on a microscope could read tiny barcodes embedded in your photo - a concept not unlike the Dataglyphs developed at Xerox PARC.

The larger point is that RFID passports, drivers licenses, credit cards and other identity documents are a Bad Idea. We KNOW that techno-criminals are ripping off people on the web. Why won't these same people move on to RFID when the economics make sense?

And when there are hundreds of millions RFID documents circulating, we won't be able to issue a patch and fix the hole in a few weeks. No, these holes will be open for years. Good luck with that.

Comments welcome, of course. Want another view? The Economist magazine offers Why chips in passports and ID cards are a stupid idea. OK, it isn't so different, but worth a read.

Editorial standards