Skip to comments.'Fakeproof' e-passport is cloned in minutes
Posted on 08/07/2008 5:23:55 AM PDT by Schnucki
New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports.
Tests for The Times exposed security flaws in the microchips introduced to protect against terrorism and organised crime. The flaws also undermine claims that 3,000 blank passports stolen last week were worthless because they could not be forged.
In the tests, a computer researcher cloned the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports.
The Home Office has always argued that faked chips would be spotted at border checkpoints because they would not match key codes when checked against an international data-base. But only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it. Britain is a member but will not use the directory before next year. Even then, the system will be fully secure only if every e-passport country has joined.
Some of the 45 countries, including Britain, swap codes manually, but criminals could use fake e-passports from countries that do not share key codes, which would then go undetected at passport control.
The tests suggest that if the microchips are vulnerable to cloning then bogus biometrics could be inserted in fake or blank passports.
Tens of millions of microchipped passports have been issued by the 45 countries in the belief that they will make international travel safer. They contain a tiny radio frequency chip and antenna attached to the inside back page. A special electronic reader sends out an encrypted signal and
(Excerpt) Read more at timesonline.co.uk ...
There’s a shocker...
By "human nature", I mean the tendency to rely on the computer's answer, rather than your own senses.
If the computer says I'm a 19-year old midget girl from Botswana, people won't notice that I'm a 50-year old white guy from Maine.
Witness the spell-czech feature on your computer pogrom.
A vast improvement over the old ones which could be cloned in secconds...
Its just about about human nature, not necessarily hackers.
Every mother's-son-of-a-hacker gets excited just THINKING about the challenge.
Anytime the government controls information or technologies that can control you, be afraid. Be very, very afraid.
Isn't it reasonable to believe that all the serial numbers of the stolen passports are known, and that can be entered into whatever databases are currently used for genenral passport control?
As a silly example, isn't it required to enter the printed passport serial number into the computer, and check that it agrees with the electronic chip information? If it doesn't, I see an automatic detention every time.
I can set up sceanros that lend themselves to computerized checks, but when bureaucracies are involved, the is no limit to the stupidities they can create to disable the cleverest security checks. As a much simpler example...