Well that didn't take long. It's been roughly a whole month since the U.S. has been issuing passports with RFID chips in them, and already they've been hacked. In theory, at least.
The hack was released late last week and is now making the rounds. For a first stab at a hack, it is still on the limited side and is nothing to panic too heavily over. The hacker needs certain "seed" information in order to read all the data on the passport, including: Your passport number, your date of birth, and the date the passport expires. Using that information, anyone can obtain some of the digitally encoded data on the passport, including the digital image of your face and some personal information (it's not clear exactly what).
At first glance this doesn't sound so bad: Obtaining someone's date of birth is easy, but their passport and expiration date much less so. Still, all a hacker needs is a quick photo of that info or, more realistically, a simple method to intelligently brute-force-attack the passport in order to get the data.
More importantly, though, this is just the first passport crack in what will undoubtedly be a long line of them, culminating with a one-click method to crack any passport there is. For now, there's just the one: RFIDIOt, and the code is online for all to see. Hang in there, folks. Happy Halloween.
http://tech.yahoo.com/blogs/null/6808;_ ... 1xkp8rLpA5
CISSP, MCSE, CSTA, Security+ SME