HOMENEWSTECHNOLOGYSECURITY In DepthDEVELOPMENT In DepthNETWORKING & TELECOMMUNICATIONS In DepthSPECIAL In DepthMANAGEMENTCAREERSNEW MEDIAFRYUPEVENTS

Passport data to be copied in Kiwicon demo

Active Authentication in new passports will expose copied data, says Internal Affairs

By Rob O'Neill | Auckland | Wednesday, 25 November, 2009

 

CIO LATEST NEWS

 

Newsletter & SubscriptionsComputerworld is New Zealand's only specialised information systems fortnightly.

Subscribe now for $97.50 (24 issues) and save more than 37% off the cover price!

Newsletter & SubscriptionsGet the latest news from Computerworld delivered via email.
Sign up now
RSS newsfeedSubscribe to Computerworld's
RSS newsfeed here and get news stories as they break.

This weekend Nick von Dadelszen is going to use a $25 Snapper Card reader to extract data from a New Zealand e-passport and copy it to a new smartcard.

He also plans to release tools to allow the reader to read other types of smartcards, he says, and to show how information can be extracted from chipped credit cards and used to create a "similar looking" card.

See also: 'Numero' to demo wi-fi attack at Kiwicon III
But, the demonstration is not an attack, says von Dadelszen, one of the major speakers at this weekend's Kiwicon III hackers conference at Victoria University in Wellington. Rather, it is one of several demonstrations he hopes will raise awareness of issues around smart card security.

Von Dadelszen says there are very few people who understand smartcard security.

"People have to rely on vendor assurances about security. My talk is to allow more people to understand and check their own security."

Department of Internal Affairs passport manager David Philp says the ability to read and even copy passport data "doesn't prove anything". He says the addition of Active Authentication to New Zealand's new passports will alert border agents if the data has been copied to a new chip.

"If you can read the data you can copy it, but if it's then read at a border it will be clear that it's a fake," Philp says.

Von Dadelszen says he's sure there will be "some discussion around that" at Kiwicon.

Unlike many others, von Dadelszen refuses to use a hacker name.

"Last year I went to Kiwicon as Nick 'Handles are for Wimps' von Dadelszen," he says.

Last year, Dutch researchers revealed how the European Oyster transport smartcard could be hacked. Von Dadelszen says that was because the card was using a flawed cryptographic scheme.

The local system used by Snapper is stronger, von Dadelszen says.


© Fairfax Media Business Group
Fairfax New Zealand Limited,
FairfaxBG - Computerworld - PC World - Reseller News - CIO - Unlimited - actv8
Email Webmaster - Contact Fairfax Media Business Group - Subscribe Online - Advertise With Us - Privacy Policy