Belgian ePassports a Security Liability: Experts
RFID: angel to some, demon to others*. For hackers, all of you who use a Radio-Frequency ID-enabled passport are just walking along the concourse with your personal info on a flash-card stapled to your forehead. These things are proven to be a security nightmare, as has been proven again and again (see article for citations).
RFID passports from Belgium remained flawed almost three years into their introduction, according to a study by cryptographic researchers.
The Belgian ePassports, now in their second generation, lack effective security features that would prevent sensitive data on microchips from being read surreptitiously. Analysis by security researchers from the Catholic University of Louvain (UCL) last month established that Belgian passports issued between the end of 2004 and July 2006 fail to include any technology that would prevent them from being read using off-the-shelf kit. The Louvain team uncovered evidence of shortcomings in the security measures included in more recently issued Belgian biometric passports.
Click here to find out more!
The researchers are calling on the Belgian government to withdraw first- generation biometric passports. They are also calling for changes to the security mechanism used by second-generation biometric passports that would make brute force attacks more difficult. The UCL team also wants Belgium and other EU governments to follow the lead of the USA and include a layer of foil that interferes with skimming attempts when the document is closed.
* I borrowed the tagline from Hellraiser...