The tests suggest that if the microchips are vulnerable to cloning then bogus biometrics could be inserted in fake or blank passports.
‘Fakeproof’ e-passport is cloned in minutes
Steve Boggan
New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports.
Tests for The Times exposed security flaws in the microchips introduced to protect against terrorism and organised crime. The flaws also undermine claims that 3,000 blank passports stolen last week were worthless because they could not be forged.
In the tests, a computer researcher cloned the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports.
The Home Office has always argued that faked chips would be spotted at border checkpoints because they would not match key codes when checked against an international data-base. But only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it. Britain is a member but will not use the directory before next year. Even then, the system will be fully secure only if every e-passport country has joined.
Some of the 45 countries, including Britain, swap codes manually, but criminals could use fake e-passports from countries that do not share key codes, which would then go undetected at passport control.
Delicious
Digg
Reddit
Newsvine
Furl
Google
Yahoo
This is why national ID
This is why national ID cards should wait a bit. Until the public understands encryption a little better (including British and German bureaucrats), it's hopeless. It is nice to see the U.S. being less retarded than other countries for once.
Terrorists are not going to
Terrorists are not going to enter the USA through airports anymore. No matter what systems nations put in place folks will find a way to circumvent them. This is all about security as a growth industry. The government officials calling for these updated Tom Swift and Flash Gordon toys will soon leave their jobs and land gigs with these private companies and use their connections to sell the government, i.e., the gadgets they ordered when they were on the public payroll.
It's not a Flash Gordon toy
It's not a Flash Gordon toy to update passport verifiability to 1990's-level consumer standards. Your bank company has more legitimate confidence that you used your debit card at the drug store yesterday than non-security-hashed passports guarantee that you entered the country.
And why wouldn't terrorists enter the country through airports? They've always done so in the past.
"It's not a Flash Gordon toy
"It's not a Flash Gordon toy to update passport verifiability to 1990's-level consumer standards."
Consumers are not demanding that anything, anything at all, be done with passports save being delivered in a timely manner. Computer chip-laden passports would not have prevented Muhammad Atta and his crew from entering this country.
Post new comment