I have marked your words dear reader, and I weep for a bear of such little brain. As to OP, thank god they are not trying to control the common man who they DO respect, that would be truly awful.
Putting a chip into an identity document is another security feature, besides holographic images, guilloche patterns, microprint, etc. etc. - and yes, it makes it easier to collect data electronically (but not more than that).
It keeps puzzling me that people keep demanding (or claiming, for that matter) that this chip feature be 100% secure against tampering or falsifying, when none of the other security features has ever been 100% secure. What's the news? It has always been possible to falsify a passport and it always will. Just that with an ePassport, the falsifier needs to manage yet another quite complex technology - IT - in addition to all the other skills.
The chip inside the ePassport costs governments a single-digit number of bucks (or quid, yuan, whatever) - so no one should expect any miracles for that.
Just relax and sit back, all this is really nothing new. Just because the new technology is IT related (which we all believe we know something about) rather than security printing related, the world is not ending.
From the rogitstr:
"Validation of the [passport holder's unique] signatures on e-passports requires the exchange of PKI certificates between countries' issuing authorities, *OR* the use of ICAO's PKD (Public Key Directory) system. Logically the ICAO PKD system ought to be used to provide a standard level of validation for what is intended to be a glabal [sic], secure document standard. Currently, however, use of the PKD is far from universal, and many countries (the UK included) rely on bilateral exchange of certificates with other countries."

These chips are shown to be re-writable. The biometric collection burden is placed on the country of epassport issue. To do so, should require centralised PKI registration resulting in the holder's global unique key. PKI ledger should be distributed to all ports routinely. Every destination port is both a verification and a collection modifier to both the epassport and any subsequent destination port's manifest. The manifest in itself must be knowable to only the immediately prior port and the destination. So at least some bilateral exchange of certificates for manifests should be required. Any deficiency should be flagged.

Validation, privacy, and confidentiality must be safeguarded for verifications concerning distributed PKI ledgers.
Signatures should be matched via two routes. Only unique signatures should be possible. The encoded media should also carry the encoding machine's expiring/shifting licence certificate identifiers in an undisclosed manner.

All transactions should be recorded with CCTV, etc.
You know, one might think that the folks responsible for the security of a nation might actually be thankful that a security loophole had been discovered...for free...before it was abused. That way, they can work extra hard to fix it.

Instead, they get embarrassed, act stupid and deny there are any problems. Then they can go ahead with it anyway, do nothing about the problem and spend billions when real bad guys decide to take advantage.

Feel safe yet...?



If you drop the numbers 9/11 you might have also mentioned that all those involved in that attack had perfectly legal passports, and would have RFIDs in them if they were widespread enough at that time.
RFIDs are not about anti-terrorism, they are a means of power-hungry self-centered government idiots to control the common man whom they do not respect.
It's not just the terrorists you have to worry about
We need to worry about certain countries (ahem, Iran) getting into the mix and forging this stuff. Then passing it on to the individual terrorists (ahem, Hamas) and acting like they had nothing to do with it while their proxy terrorists do their dirty work and desires. This will happen with a nuke one day, mark my words.
I wonder whose chip they managed to open?