←back to thread

Reading NFC Passport Chips in Linux

(shkspr.mobi)
287 points robin_reala | 2 comments | 25 Jun 25 07:33 UTC | HN request time: 0.547s | source
Show context
dzhiurgis ◴[25 Jun 25 09:35 UTC] No.44375315[source]
Hol up. So what stops you from uploading custom photo + metadata onto random chip and planting it in a fake passport?
replies(5): >>44375334 #>>44375336 #>>44375342 #>>44375469 #>>44376015 #
edent ◴[25 Jun 25 09:39 UTC] No.44375342[source]
The data are signed with the passport issuing authority's private key.

So you could implement a chip which reacts like an official passport. When the border guards see that the signature is invalid, you can explain how it's just a prank and you'll all have a jolly good laugh about it.

replies(4): >>44375530 #>>44375612 #>>44375693 #>>44375852 #
1. vbezhenar ◴[25 Jun 25 11:03 UTC] No.44375852[source]
Invalid signature probably will result from chip degradation or other electronic failures and I'm pretty sure that you won't be the first they see. Passport is supposed to be valid without any digital things, so they'll proceed with ordinary procedures, with manual entry of data from passport.
replies(1): >>44379664 #
2. lxgr ◴[25 Jun 25 17:13 UTC] No.44379664[source]
> Invalid signature probably will result from chip degradation or other electronic failures

I'd consider that pretty unlikely. Degraded chips would most likely provide no signature, not an invalid one. (Being able to randomly flip bits would be a big security problem for these kinds of ICs, so I'd assume they'd have robust protections against that.)