צי'פ "מאובטח" שאינו מתעדכן - כמו תוכנת אנטי וירוס שאינה מתעדכנת

15.9.06 ברוס שנייר ב-Washington Post - דרכון משמש אותנו 10 שנים. שיטות ההצפנה והאבטחה המשוכללות ביותר שיותקנו בצ'יפ שבדרכון, מתיישנות מהר. כמה זמן הייתם מוכנים, למשל, להשתמש במחשב שלכם עם תוכנות אנט-וירוס וביטחון בלי לעדכן אותן?

"The other security mechanisms are also vulnerable, and several security researchers have already discovered flaws. One found that he could identify individual chips via unique characteristics of the radio transmissions. Another successfully cloned a chip. The State Department called this a "meaningless stunt," pointing out that the researcher could not read or change the data. But the researcher spent only two weeks trying; the security of your passport has to be strong enough to last 10 years.

This is perhaps the greatest risk. The security mechanisms on your passport chip have to last the lifetime of your passport. It is as ridiculous to think that passport security will remain secure for that long as it would be to think that you won't see another security update for Microsoft Windows in that time. Improvements in antenna technology will certainly increase the distance at which they can be read and might even allow unauthorized readers to penetrate the shielding..."

אין תגובות:

No REAL ID