Yeah, I'm sure there are uses that buyers/sellers have that I can't think of. Can also be useful for opening fraudulent bank accounts, purchasing plane tickets, etc. when you don't want real identity known.
-
-
As far as I can tell there's no way for a relying party to validate an identity/passport number pair, so the number is not an authenticator for the identity and thus there's not a material risk if the number is divulged. I don't see a material risk here.
-
But they validate at border crossings based on previous entries. So if I enter a country, they scan the passport and database pops up showing previous activity with that passport. If the same number pops up but has different name, that would flag it.
- 18 more replies
New conversation -
-
-
I guess that's not surprising
but still, unless it's querying a database, then you could still have used any number as the passport number, right? I guess I'm trying to get at why someone would pay to know the real number is 135349 and not just use 123456. - 1 more reply
New conversation -
-
-
In the story I wrote in 2006, the researcher actually cloned the chip (https://www.wired.com/2006/08/hackers-clone-e-passports/ …). But that problem was supposed to have been fixed after he exposed that. So it really depends how countries are implementing this.
-
I had thought that US passports in particular have the chip but then never fully implemented the signature and verification piece?https://www.wired.com/story/us-border-patrol-hasnt-validated-e-passport-data-for-years/ …
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.