Tool to backup, modify and clone ePassport released

[Ian Batten]

>
>> would stop this.  It's some memory.  I can load bits into it.  Why
>> wouldn't I be able to?
>
> First of all the data should only be readable by people who are
> authorized to read them.


What's the definition of `authorized'?  I would argue that anyone to  
whom I show my passport is authorized, because the data belongs to me  
and I can authorize whoever I like to read it.

The ICAO scheme, as I understand it, is that the data on the RFID chip  
doesn't include the passport serial number, which is used as an  
encryption key.  So the intent is that the contents of the chip are  
readable to anyone who can read the data page of an open passport (old  
blue British passports have the serial number on the front cover, but  
that's not at all common these days).

Now there are some objections one might raise about the lack of  
entropy in passport serial numbers, but the intent --- that  
authorization remains with the holder of the passport --- is the right  
one.  What did you have in mind as `authorized'?
>

> Not anyone with any kind of rfid reader
> without any kind of authentication.

I think it's perfectly right that I should be able to use an RFID  
reader to extract data from my passport, and my children's passports.   
If there were hidden data there which require magic keys not in  
possession of the holder I'm sure we'd be the first to complain about  
it.  Passports should be transparent to the holder.

ian