All globally?

Less than 10.

However if we look only at border checkpoints (including airports) in first world nations the number is probably a lot higher.

Not only are agents likely to be using the chip, self-service immigration gates have become really popular at airports around the world and mostly use the RFID chip together with a face scan

On the bright side, this bug seems to require an ECDSA operation, and I would guess that most ePassports are using RSA. Can't seem to find any statistics but the standards support both.

PACE does use (EC)DH. Not sure if that’s vulnerable as well, or if this is once again a footgun specific to (EC)DSA.

Since it's a non constant time implementation of a specific part of the EC operation (modular inversion) my guess would be they reused the code for that everywhere and it's probably also present in ecdh and all other algorithms requiring a modular inversion.

So what would an attack of the RFID chip look like, if the person still is facially identified using a face scan?

1. Obtain a donor passport, get the chip, dump the Active Authentication key which is used to ensure you can't clone the chip

2. Make a fake passport with your photo (and fingerprints etc.) and add the AA key so that it passes the check

You'll still have to somehow fake Passive Authentication (in which your data, including photo, is signed by the country's public key) too, though.

That's assuming that the validation software even has all issuing countries' root keys available.

Supposedly it's surprisingly (or maybe not, given how international government relations historically work) difficult for countries to exchange their public keys: Since there isn't any central authority, nor a chain of trust available (a la "this key is signed by France and Switzerland, so it's probably the real thing to us, Germany"), it boils down to n^2/2 key exchanges, and n additional ones every time a single key expires or, worse, has to be rotated on short notice. Then all of that has to be distributed to all border authority systems.

Last time I looked into this (10+ years ago), my laptop doing Passive Authentication and Active Authentication using 10 lines of Python and my country's root certificate (it's publicly available) was supposedly more than what most border checks could practically do.

ICAO, the international organization which maintains the standards for travel document interoperability does have a public key directory that a reasonably large number of countries now participate in. The beauty of international organizations is that the individual members don’t all have to be on the best terms with each other.

https://www.icao.int/Security/FAL/PKD/Pages/default.aspx

Oh, that is very neat, thank you!

It seems to be publicly accessible too. Maybe I'll add a few lines to my script if I can still find it :)

Isn't this what the pouch and ambassador is for?

Yeah, it’s surprisingly not straightforward. In my home country (Russia), only some biometric passports issued inside the country can be used on the automatic gates – mine was issued in an embassy overseas, so I can’t use them. It works just fine in Malaysia, though!