So you could implement a chip which reacts like an official passport. When the border guards see that the signature is invalid, you can explain how it's just a prank and you'll all have a jolly good laugh about it.
There are also optional subprotocols that allow the chip to be authenticated (i.e. proof it knows a private key). These prevent copying valid signed data to a different chip.
NFC chips can be locked. That means the data can't be overwritten. No matter the writer, nor its strength, you can't overwrite a passport's chip.
I suppose you could use an EMP - but that would ruin a lot more than just some trips.
But you could achieve much the same effect with a hammer.
Both sides even have the info printed. One side in human format, the other side in machine-readable format.
For a random traveller you can probably guess roughly how old they are, which is a few bits for the date of birth, and maybe you could strike up a conversation and discover their name (or maybe it's printed on baggage, called out by fellow travellers, etc.), but yeah, it'll be very hard.
For a very well known person you can likely discover everything except the passport number and you might get a decent guess at that from knowing roughly when it would be issued.
I read this article, but it seems like any information about it is kind of omitted.
From a very well known person you could probably also steal everything you need directly, if your purpose is to create damage.
https://www.icao.int/publications/documents/9303_p10_cons_en...
https://www.icao.int/publications/documents/9303_p11_cons_en...
But please keep in mind that this is just the spec for how it's supposed to be implemented. Real world implementations of it have lots of creative interpretations of the spec in addition to straight bugs in their implementations, so if you're going to write software that has to work with various different documents issued by various governments, you'll have many fun debugging sessions :)
Source: I have been working on a blockchain implementation in the past that was compatible with the cryptographic functions in an NFC passport. Basically using a standard NFC passport as a cold wallet.
Fun fact. The cryptographic system even differs per country.
E.g. the Dutch don't trust the NIST elliptic curves so use the brainpool curves instead. Some other countries are still using RSA iirc.
Actual validation methods would be actually cool to read about. Since if we ignore the legal difficulties of storing the data, then we can actually use passport cryptography as something like actual proof-of-human without pesky third parties.
I've seen crashes in PKCS#11 drivers when reading cards with malformed data. So, the possibility, in theory, is always there.
https://pastebin.com/k0Tty22a
My Dutch driver's licence has a single MRZ-like line across the bottom. It seems to encode the country and licence number but I can't make any sense of the rest of the line. Anyone have any leads?
I don't know if the issue is the very low power chip in the passport, or some damage or what... but I dread the process any time I need to do it.
https://trustdochub.com/en/mrz-strip-french-driving-licence/...
One master key leak and everyone is walking around with IDs that give away sensitive data over RFID.
This enables the passport to prove its integrity by signing responses with its private key.
Much preferred over the usual "send us a photo of your passport as a means of authentication".
I'd consider that pretty unlikely. Degraded chips would most likely provide no signature, not an invalid one. (Being able to randomly flip bits would be a big security problem for these kinds of ICs, so I'd assume they'd have robust protections against that.)
I don't think ICAO passports can ever be rewritten post-issuance. Some national IDs can, e.g. to change the holder's residential address, but for passports, I don't think any part of the on-chip data can be changed post-issuance, since it would also require re-printing data on the photo page usually under protective plastic.
That's true for older passports, but there's actually a newer scheme that uses Diffie-Hellman key agreement instead, since non-repudiation, which is hard to avoid with RSA signatures, is considered a non-goal for passports. (Some governments apparently don't want them to be used as a "backdoor e-signing scheme", hence the change to the new repudiable authentication scheme.)
I don't think it's a particularly different attack vector just because the chip is "active". Competent systems would treat all data received from it as potentially harmful until proven otherwise.
That's a known trade-off, and I believe some countries accordingly restrict access to their own national authorities (which usually already have access to that data via other means, since they're issuing the document).
You need to enter the passport number and dates yourself though.
For some countries (like Belgium) this _is_ a goal. They implemented a full PKI in their identity cards.
Even then, authorization is completely missing from the ICAO model – it's for authentication of identity documents only. It's explicitly not intended for "proof of humanity", since that requires authorization too, or it'd be vulnerable to any attacker that can briefly tap your identity document with their phone.
That's one of the reasons why active authentication was deprecated, presumably: Signatures without document owner authorization can be misleading/interpreted as confirming intent, not just document existence.
Essentially, these countries run two applications on the document chip: One that lets anyone verify the authenticity of the document, using the ICAO PKI and active or chip authentication, and one that lets the document owner sign data, usually after entering a PIN or password (or anybody holding the document could do so on their behalf).
Other countries decouple e-signatures/remote authentication and electronically verifiable identity documents, e.g. Austria – which now has an ICAO-compatible identity card, but a completely separate e-signature scheme based on, and it really pains me to say this... server-side private keys.
It won't help with that at all, since without requiring active involvement of some credential or trusted party, all there is is a static signature saying "there's a person called $name born on $dob", but nothing saying "and that person wants to <send an email|register an account|...>".
There is a way to use ICAO documents supporting "Active Authentication" in such a way, and I've seen proofs of concept leveraging it, but it was an unintentional consequence of using RSA signatures for authentication and fixed/removed in newer cards.
Example: https://github.com/alexrsagen/rs-nfc1/blob/main/examples/rea...
Library with eMRTD specific code: https://github.com/alexrsagen/rs-mrtd1
Still reasonable?
Front, 200dpi, "Unable to find a face in the image". 300dpi, "Unable to find a face in the image". Let's try lower, 72dpi, "Thank you".
Back, let's start at 72dpi, since that worked for the front. "Unable to read a barcode in the image". Higher, 200dpi, "Unable to read a barcode in the image". 300dpi? "Thank you".
Context: Made an implementation for reading these when the Dutch driver's licence model with NFC first became available (model 2014 if I remember correctly).
It does start with D1NLD. Then a single digit which is not the checksum of the foregoing (using the passport checksum algorithm). Then the document number. Then some letters and numbers I can't make any sense of. It ends with a correct global checksum for all of the foregoing.
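Since both the Dutch licence line above and the last comment's "passport checksum algorithm" hinge on the ICAO Doc 9303 check digit (weights 7, 3, 1 repeating; A–Z valued 10–35; filler `<` valued 0), here is an added worked implementation; it is not code from any commenter or from the linked rs-mrtd1/rs-nfc1 libraries. It assumes the field layout of a TD3 (passport) second MRZ line and uses the Doc 9303 specimen MRZ as input; the licence line's layout is not modelled, since nobody in the thread has decoded it.

```python
# Added example (not from any comment in the thread): the ICAO Doc 9303 MRZ
# check-digit algorithm, applied field by field to a TD3 (passport) line 2.
# Sample input is the public Doc 9303 specimen MRZ, not a real document.

WEIGHTS = (7, 3, 1)

def char_value(c: str) -> int:
    """Map an MRZ character to its numeric value: 0-9, A-Z -> 10-35, '<' -> 0."""
    if "0" <= c <= "9":
        return ord(c) - ord("0")
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"invalid MRZ character {c!r}")

def check_digit(field: str) -> int:
    """Weighted sum with weights 7,3,1 repeating from the left, modulo 10."""
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10

def _cd_matches(field: str, cd: str) -> bool:
    # An unused optional-data field may carry '<' in place of a check digit.
    if cd == "<":
        return set(field) == {"<"}
    return cd.isdigit() and check_digit(field) == int(cd)

def verify_td3_line2(line: str) -> dict:
    """Check every check digit in a 44-character TD3 second line.
    Returns field name -> bool so the caller sees which field was altered."""
    if len(line) != 44:
        raise ValueError("TD3 line 2 must be exactly 44 characters")
    # Composite check digit covers document number + its check digit,
    # date of birth + check digit, and expiry through optional data + check digit.
    composite = line[0:10] + line[13:20] + line[21:43]
    return {
        "document_number": _cd_matches(line[0:9], line[9]),
        "date_of_birth": _cd_matches(line[13:19], line[19]),
        "expiry_date": _cd_matches(line[21:27], line[27]),
        "optional_data": _cd_matches(line[28:42], line[42]),
        "composite": _cd_matches(composite, line[43]),
    }

# Doc 9303 specimen (ERIKSSON, ANNA MARIA): every check digit is valid.
SPECIMEN_LINE2 = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"

if __name__ == "__main__":
    for name, ok in verify_td3_line2(SPECIMEN_LINE2).items():
        print(f"{name:16s} {'ok' if ok else 'MISMATCH'}")
```

`check_digit()` on its own can be run over any candidate substring of an unfamiliar line, which is what the last comment describes trying against the licence's trailing digit.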