Is Elvis Dead? Who Knows, But His Passport Made It Through Airport Security In Amsterdam
from the biometrics? dept
There’s been a big push lately to use “biometrics” at airports — especially in light of the well publicized attack attempt last Christmas. But biometrics — especially chips in passports — can easily be fooled, and can create a false sense of security. JJ sent over the news of two hackers who were able to get past the security check-in with a passport claiming to be Elvis Presley — they even included an Elvis photo. Now, there certainly are some limitations with what they did, and even they admit that this sort of hacking wouldn’t work in a lot of cases. However, just the fact that they were able to get past the machine with a faked biometric Elvis chip suggests that the whole focus on biometrics is a bit of a red herring, as the data can be faked.
Filed Under: airport security, elvis, security
Comments on “Is Elvis Dead? Who Knows, But His Passport Made It Through Airport Security In Amsterdam”
Unh huh huh!
Wonder what the name of the created country was? Graceland?
Re: Unh huh huh!
and – as they exited – did the tannoy go
“Bing Bong…Elvis has left the building…!”
I love it when hackers do things just to prove that they can. it’s just lucky that they did it before any of the slightly intelligent criminals got around to it. I’m sure it won’t make a huge difference in the use of the system, people tend to be overly confident in their security. maybe it’ll wake up a few people, though, and someone will find ways to improve it. improving security technologies is always good, after all.
Re: Re:
Joe said
” it’s just lucky that they did it before any of the slightly intelligent criminals got around to it”
I wouldn’t be too sure about that. By the time “good” people think about it criminals have already been doing it for years
Re: Re:
Joe said
” it’s just lucky that they did it before any of the slightly intelligent criminals got around to it”
I wouldn’t be too sure about that. By the time “good” people think about it criminals have already been doing it for years
Re: Re:
“improving security technologies is always good, after all.”
The problem isn’t the technology, but peoples’ dependence on it. Liberties are being violated in the name of security, and the monkeys they have staffing the machines seem to lack the capability to critically examine the information they are being given. Far too many legitimate travellers have problems “because the machine says so”, while those passed are often not examined with human eyes.
There’s also the fact that such “security” is really just theatre and totally reactive. Somebody tries a shoe bomb, but is caught by existing methods – make everybody take their shoes off. Somebody tries a liquid based bomb that fails miserably – nobody can take a bottle of water on the plane. It’s silly, and does nothing to improve security, regardless of the quality of the technology.
Re: Re: Shoe bomber was not caught
“Somebody tries a shoe bomb, but is caught by existing methods”
As I recall, Richard Reid was not “caught by existing methods” but was in the process of (stupidly) igniting his bomb in the cabin rather than the toilet when he was apprehended.
So he was in fact not “caught” at all, in the “keeping everyone safe” meaning of the word.
Relying on all bombers being idiots was never going to be a good long term policy. Not after the level of planning shown on 9/11.
They need to get some creatives together to brainstorm attack methods, THEN see if their systems would withstand such attack attempts. I predicted 2 component liquid bombs would come soon after 9/11 but I’m not someone they are likely to listen to and anyway who am I supposed to tell ?
For example, how big a swallowed detonator is required to ignite the stomach of a suicide bomber who has been swallowing many small pouches of semtex ?
Our security services simply have no imagination, that’s the problem.
On the inter european union flights I get normally past the airport security without anyone really checking my id. To get a boarding pass I ususally stick a credit card into some machine, and that’s already it. Someone with my credit card can fly on any domestic flight in my place by stealing one of my cards or even just getting a slip. On the baggage check I have to sometimes do something so essential to flight security as to throw my 200 ml shower gel into waste basket, but no one verifies even my picture id. Bruce Schneier has it right, when he names all this a security theatre. I had a chance to observe an Israeli airplane on an airport near my home. Well they seem to know what they are doing, they try to verify the identity of its passengers using several methods among other things and never ever leave a plane unobserved, they cannot afford bullshit in place of real flight security.
OMFG! Schiphol Airport? That’s within 2 miles from where I live! I’m deeply ashamed…
I think the security now has an idea what to improve in their system. Thanks to this culprit, the airport security will be able to do necessary actions about this so no further attempts will arise.
False Sense of Security
I thought that all of the 911 attackers had valid passports and other identification, all valid.
So, of what benefit is this additional (so called) security?
All you know is..
These kind of systems move security away from the traditional methods (photographs and signatures) – where the personnel understood what was happening and stood a chance of using their own intelligence to detect fraud – to system of “black boxes”.
When an immigration official checks a photo ID then he can be pretty sure that the photograph is of the person in front of him. He can also use his own judgement that the document is genuine. Neither process is perfect of course – but at least the person involved understands what is going on.
When an official checks a biometric passport a little green light (or some such) will light up to tell him its OK – but all he really knows it that the little light lit up.
It turns him into a cypher and probably results in a lower standard of personnel in the job.
It increases the hassle on false positives – because he will not feel that he has any discretion.
It guarantees that anyone who defeats the technology will get through – because he is no longer bothering with any other signs.
And of course someone WILL defeat the technology – because its such a big target that it will attract all the best hackers worldwide (eg MOSSAD).
I wouldn’t be too sure about that. By the time “good” people think about it criminals have already been doing it for years
no no no
this just goes to prove ELVIS IS ALIVE. I couldnt be happier bust out the peanut butter and bannana sandwiches. The king is dead, long live the KING
Re: no no no
Will there be hollowed out loaves of bread slathered in butter as well?
Re: no no no
Thank you, Thank you, Thank you very much!!!
The problem with most airport security systems is that they’re expensive to implement and cheap to circumvent. What we need is a system that’s cheap to implement and expensive to circumvent.
I propose a system that involves the passengers. For instance, our method of handling emergencies often involves citizens. It would be impractical for the police to monitor everything that goes on all at once and respond to emergencies accordingly. As a result we implement a system called 911. As children, in grade school, we are taught when to call 911 and when not to and when we see an emergency we call 911 directing the focus of authorities where it needs to be directed the most. The same thing can be done here. You enter an airplane and they normally have a big screen T.V. that either shows movies or a map or whatever. Well, after everyone enters an airplane and is seated they can have a five minute clip that shows/tells everyone what to look out for and when to alert authorities about suspicious behavior and when not to (ie: to avoid false positives as much as possible). Then, they can have a keypad or something that people can press a couple numbers in next to each seat to alert authorities of suspicious behavior to allow authorities to respond appropriately. After all, the passengers are in the airplane anyways, they do have an interest in ensuring safety, why not have them be the lookouts for suspicious behavior instead of just being idle.
Re: Re:
Another method of creating passenger based security is to involve text messages. Airports can have some number that I can send text messages to and if I see suspicious behavior I can text message it to some authority who can text back and ask questions and tell me what to do to keep safe in case of a situation. Kinda like 911.
Re: Re:
“The problem with most airport security systems is that they’re expensive to implement and cheap to circumvent.”
Also, this is why teams of software engineers can spend many man hours and millions of dollars trying to secure a piece of software only to have some 13 year old kid crack it in very little time at very little cost. There are many more possible functional and insecure combinations of software than there are possible functional and secure combinations of software and so finding a functional and secure combination of software can be expensive.
Re: Re:
Also think of how Americas Most Wanted works. It’s a system that gets citizens involved in catching criminals. It’s cheap to implement (ie: just broadcast the pictures of some criminals) and expensive to circumvent (ie: the criminals now must hide from the public at large). Without citizen involvement catching many of these criminals would not be feasible.
We need to implement a passenger aided security system, one that involves the passengers and their ability to look out for suspicious behavior and educate passenger about what to look out for and what to report and what not to worry about.
Airplane Security
We seem to focus too much on airport security and not on airplane security. We should at least start with risk management – prevent hijackings of the planes. This one is easy – put the door to the cockpit on the OUTSIDE and put a reinforced bulkhead behind it. This limits the risk of an attack to the individual plane and whatever happens to be under it when it goes down.
If a plane is less useful as a hijacking target, there will be less hijackings.
This is why people who actually do security for a job do not deploy biometrics most of the time, because it’s very hard to get them right.
They are useful in cases where you have a database of biometric data, and a person you want to mach to the database. So you have a person claiming that they are someone say John, you read the iris or finger print from the person making the claim and see if it matches John’s entry in the database. (This has problems in that matching biometric data is not entirely reliable and to be really sure you need to get an export to verify the match, and even then it’s “These could be from the same person”)
The problem with biometric passports is that you are getting the data you are checking against from the same person you are trying to identify… This doesn’t work.