Friday, November 17, 2006

British "secure" passports cracked - Shock horror!

The Guardian is reporting that the RFID "secure" British passports that have been issued for the past six months have been cracked. Amusingly, the Guardian's summary title asks why it was "so easy to break the security codes?"

There is a simple answer. Security technology is invented by human beings; therefore it stands to reason that human beings will find a way to circumvent it. The idea that ID cards will be secure is, to put it simply, absolute nonsense. They will be cracked by someone because they've been invented by someone.

Politicians who see technology as a panacea need to learn Jeff Richards' two laws of data security.
  1. Don't buy a computer.
  2. If you do buy a computer, don't turn it on.
They should also heed the words of the Information Security expert Eugene H. Spafford that "the only system that is truly secure is one that is switched off and unplugged, locked in a titanium safe, buried in a concrete vault on the bottom of the sea and surrounded by very highly paid armed guards. Even then I wouldn't bet on it."

1 comment:

Benedict White said...

I write software for the RFID industry. You can make RFID chips with anything you want in them. In fact, they now make several ones programmable after manufacture. I almost needed some cloned chips the other day as an update I had written was not working.

I realised my mistake though before I needed the chip.

RFID is useful, in fact very, very useful. Secure it is not, however.

If they'd asked me I would have told them. But then the cabinet office only asked my advice once, and I don't think the SPADS liked the idea of having me involved in anything.