ePassport double whammy
I just love it when the Ministry of Bad Design delivers me a double whammy perfect for LDTT - ePassport readers are not only susceptible to buffer overruns when reading image data from the passport, they also decrypt data on the passport using a time-limited certificate. But since passports have no concept of time (they are dumb data stores), the expiration of that certificate is meaningless.
The short, time-limited certificates were obviously used to get around the problem of certificate revocation, since otherwise you'd need a way to revoke the certificate in use by the reader if it fell into the wrong hands. However, because the passport itself is oblivious to time, any valid certificate is effectively valid for life - until, that is, they embed a clock into your passport.
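The expiry problem above, as an added sketch that is not code from any passport or reader implementation: the same certificate is checked by a verifier with a trusted date and by one without. Assumptions: the chip is modelled as the party checking the reader's certificate, an HMAC stands in for the CA's signature, and all names, keys and dates are constructed.

```python
import hashlib
import hmac
from datetime import date

# Constructed demo key; an HMAC stands in for the CA's real signature scheme.
CA_KEY = b"constructed-demo-ca-key"

def _body(holder, not_before, not_after):
    return f"{holder}|{not_before.isoformat()}|{not_after.isoformat()}".encode()

def issue(holder, not_before, not_after):
    """CA side: bind the holder and the validity window under the signature."""
    tag = hmac.new(CA_KEY, _body(holder, not_before, not_after), hashlib.sha256).hexdigest()
    return {"holder": holder, "not_before": not_before, "not_after": not_after, "sig": tag}

def signature_ok(cert):
    expected = hmac.new(CA_KEY, _body(cert["holder"], cert["not_before"], cert["not_after"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["sig"])

def verify_with_clock(cert, today):
    """Verifier with a trusted date: the validity window is enforceable."""
    return signature_ok(cert) and cert["not_before"] <= today <= cert["not_after"]

def verify_without_clock(cert):
    """Verifier modelled on a passive chip: the window is in the certificate,
    but there is no trusted 'today' to compare it against."""
    return signature_ok(cert)

def demo():
    cert = issue("reader-0001", date(2006, 8, 1), date(2006, 8, 31))  # constructed
    tampered = dict(cert, not_after=date(2030, 1, 1))  # window edited, signature not
    return {
        "clock_in_window": verify_with_clock(cert, date(2006, 8, 15)),
        "clock_after_expiry": verify_with_clock(cert, date(2010, 1, 1)),
        "chip_after_expiry": verify_without_clock(cert),
        "chip_tampered": verify_without_clock(tampered),
    }

if __name__ == "__main__":
    print(demo())
```

The clockless verifier still rejects an altered certificate; what it cannot do is age out a genuine one, so short lifetimes only substitute for revocation where the verifier has a trusted date.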
As for the buffer overrun exploit - I'd love to have been behind Lukas Grunwald when he crashed the passport reader. I'm almost certain the officials would just look at the blue screen and start waving everyone else through until someone fixed it - assuming Grunwald hadn't figured out how to do the reprogramming exploit to let everyone through anyway. You see, once you have a machine to make the decisions for you, people will start ignoring any physical evidence in front of them to the contrary - the no-fly list SNAFUs demonstrate that clearly. So a reprogramming exploit is a very dangerous thing indeed, and it will give security people the perfect alibi of "well, the machine said he was okay so I let him through". Goodbye common sense, hello Skynet...

