
conclusion of the work."I don't know if there is any credibility in this story,"said Randy
Vanderhoof,Executive Director of the Smart Card Alliance,who said he would hold off any judgment until he was more familiar with the claims.Vanderhoof did point out, however,that Grunwalk was using a German passport with a fingerprint biometric."In US we're not using a fingerprint biometric,"he said.The State Department did not respond to a request for comment.
The U.S. e-Passport uses a digital image of the passport photograph as the biometric identifier, according to the State Department website.Paul Procter of technology research group Gartner said the vulnerability that Grunwald discovered is, like many exploits of RFID technology, "low probability but high impact."The problems with securing information on RFID are "real" and "well-known,"Procter said,who called Grunwald's work "sound.""If the government discovers a cloned passport,it will be stuck with millions of insecure passports.RFID will be in there but just ignored,"he said.But in order for the government to act,it "will have to catch someone cloning it in a nefarious way."Then Procter predicts the whole RFID infrastructure (passports, readers,
etc)would become null and void for the government."Governments aren't going to respond to a researcher but to a baddie,"Procter said.Grunwald is undaunted.He says he is"shocked at how naive the industry-specifically the security document industry is-going into this field and trying to implement security that puts us at risk."Grunwald,will discuss the vulnerability Saturday at the DefCon 15 hacker convention in Las Vegas this weekend.DefCon is an annual hackers convention attended by hackers,corporate IT security professionals and federal authorities from around the world.
http://money.cnn.com/2007/08/03/news/rfid/index.htm?section=money_topstories
As in the days of Noah...