How much the government agencies of45 countries, which began issuing them to citizens, shouted about the advantages of electronic passports. They said that it is practically impossible to hack them, the data can only be read on special devices that troublemakers will never get their hands on, and then everything began to collapse.

First it turned out that the RFID chip signal can be jammed; then, at the Black Hat conference, remote unauthorized data retrieval was demonstrated, and now the last fictitious frontier is... The impossibility of hacking was broken.

Tests conducted by the British Times proved that the vaunted RFID chip in the passports of US and UK residents (who are now receiving them en masse) can be hacked and cloned in less than an hour. Two ordinary passports of average Britons were "opened", after which photos of Osama bin Laden and a suicide bomber were inserted in place of the owners' photographs (you can't deny a sense of humor). Moreover, the most interesting thing is that the uniqueness of both passports was confirmed by the same "special device".

Prior to this experiment, it was claimed that hacked chips could be detected, since their key codes would not match those entered into international databases. However, only 10 countries out of 45 participate in the Public Key Directory program, and only 5 of these 10 actually operate the program. But a photograph is one thing, and the owner's biometric data is quite another, but researchers believe that even this data can be manipulated without much effort.

As expected, the problems don't end there, but rather just begin.

An electronic passport has virtually no unique distinguishing symbols, making it difficult to counterfeit — this task is entrusted to biometrics. But if the data can be replaced, then it can be written in the same way into any "blank" or someone else's passport. And that's why those people from the London police who claimed that the 3,000 blank passports stolen last week were unusable have probably already prepared a bucket of ashes.

Besides, the Public Key Directory itself is more likely to add new problems than solve existing ones. The fact is that 35 countries that have not signed up for the program do not disclose the passport codes of their residents, which means that it is simply impossible to verify the uniqueness of an Estonian passport in the UK.

All this, of course, cannot please the residents of Russia, which is among the countries considering the widespread introduction of RFID-based passports. And given the fact that they are also planned to be used as passes, say, at work, this whole undertaking could have extremely unpleasant consequences.

Perhaps all this sounds like paranoid nonsense, but as we know — Even the most inveterate paranoid can get stabbed in the back.

Source of material: link.