| Submit your comments on this article |
| Britain |
| 'Fakeproof' e-passport is cloned in minutes |
| 2008-08-07 |
| New microchipped passports, designed to be foolproof against identity theft, can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports, The Times reported on Wednesday. Tests exposed security flaws in the microchips introduced to protect against terrorism and organised crime. The flaws also undermine claims that 3,000 blank passports stolen in Britain last week were worthless because they could not be forged. Home office: The Home Office has always argued that faked chips would be spotted at border checkpoints because they would not match key codes when checked against an international database. But only 10 of the 45 countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it. Britain is a member but will not use the directory before next year. The tests were conducted by Jeroen van Beek, a security researcher at the University of Amsterdam. Van Beek developed a method of reading, cloning and altering microchips so that they are accepted as genuine by Golden Reader, the standard software used by the International Civil Aviation Organisation to test them. It is also the software recommended for use at airports. Using his own software, a publicly available programming code, a £40 card reader and two £10 RFID chips, van Beek took less than an hour to clone and manipulate two passport chips to a level at which they were ready to be planted inside fake or stolen paper passports. A baby boy's passport chip was altered to contain an image of Osama bin Laden, and the passport of a 36-year-old woman was changed to feature a picture of Hiba Darghmeh, a Palestinian suicide bomber who killed three people in 2003. The unlikely identities were chosen so that there could be no suggestion that either van Beek or The Times were faking viable travel documents. Questions: The tests raise serious questions about the government's £4 billion identity card scheme, which relies on the same biometric technology. Last night Dominic Grieve, the Shadow Home Secretary, called on ministers to take urgent action to remedy the security flaws discovered by The Times. "It is of deep concern that the technology underpinning a key part of the UK's security can be compromised so easily," he said. The ability to clone chips leaves travellers vulnerable to identity theft when they surrender their passports at hotels or car rental companies. Criminals in the back office could read the chips and clone them The Home Office said last night that it had yet to see evidence of someone being able to manipulate data in an e-passport. A spokesman said: "No one has yet been able to demonstrate that they are able to modify, change or alter data within the chip. If any data were to be changed, modified or altered it would be immediately obvious to the electronic reader." The International Civil Aviation Organisation said: "The PKD ensures that e-passports used at border control points . . . are genuine and unaltered. In effect it renders the passport foolproof. However, all states issuing e-passports must join the PKD, otherwise that assurance cannot be given." |
| Posted by:Fred |
| #6 The terrorists caught on the Somalian/Kenyan border had British passports, enabling them to go to most any former British colony, which are many, with ease. We have to worry not just over 3,000 missing passports, but that all e-passports could be forged! The more secure we are made to feel, the less I really do. |
| Posted by: Danielle 2008-08-07 11:07 |
| #5 Or... A company wins a contract by the government and the planned and very good methods are killed one by one by government bureaucracies because they don't fit into their plan or forces them to change their ways (i.e. loose power in their eyes) and the whole thing is watered down until it is worse than the previous system. This seems to be the case with the contracts my company does for the Department of Homeland defense. |
| Posted by: DarthVader 2008-08-07 10:04 |
| #4 Only 3,000 missing, thats not so bad. |
| Posted by: bigjim-ky 2008-08-07 09:43 |
| #3 Gromky: Or, government hands over fat contract, company provides conceptual design, government says it discriminates against people of color and religion and is not as politically correct as the specs call for and issues orders to make it more fool proof (so that a government fool can read it) and accepts the inferior product as representing the best of a public-private partnership. |
| Posted by: Jack is Back! 2008-08-07 07:36 |
| #2 The usual - government hands out fat contract to company, company pockets cash and provides substandard solution, everyone loses except the executives. |
| Posted by: gromky 2008-08-07 06:35 |
| #1 Someone is in denial. |
| Posted by: tipover 2008-08-07 00:28 |