28 March 2012
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
A team of cryptography researchers discovered that around 720,000 passports issued by Belgium between late 2004 and July 2006 are not encrypted and the sensitive material they contain, including the holder's signature and photograph, could be read using a commercial RFID chip reader held 10 centimetres away, reported Belgian website Rue 89 on 6 June 2007.
The Crypto Group team of Louvain University made the discovery as they were trying to crack the encryption that supposedly protected the European Union RFID-chip passports, without their attempts giving rise to any reaction, until they realised that the passports' RFID chips lacked any cryptographic encryption.
The same team also ran tests on the passports issued after July 2006, whose RFID chip is protected by a key based on a passport's issue and expiry date, and its serial number. The researchers were easily able to lower the possible combinations for a serial number (two letters and six numbers) to 24,000 after a preliminary cross checking of sequences of numbers with time breaks between issue dates. They estimate that it would take an average of half an hour to check these possibilities, whose number could be lowered through a more detailed examination, at a rate of 400 attempts per minute.
"Les passeports belges cryptés comme des passoires", Rue 89, 6.6.2007; available at: http://www.rue89.com/2007/06/06/les-passeports -belges-cryptes-comme-des-passoires
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.