e-Passports fail cloning test

News 6 Aug, 2008

The theft of 3,000 blank passports last month coupled with Dutch research into recoding contactless chips highlights the real threat of fraudulent use.

The government has spent millions of pounds creating and implementing micro chipped passports in a bid to hinder organised crime and the movement of terrorists, despite the fact that they can be cloned and manipulated, according to reports.

The Times newspaper has reported that security flaws in the contactless chips used in modern passports allow them to be cloned without being identified as fake.

In tests conducted on behalf of the newspaper, a security researcher at the University of Amsterdam Jeroen van Beek developed a method of reading, cloning and altering microchips.

The manipulation appears so accurate that the fake passports are verified as genuine by Golden Reader, the passport reader software used by the UN agency that sets standards for e-passports.

Beek used a publicly available programming tool, a £40 card reader and two £10 RFID chips to clone and manipulate two passport chips to a standard where they were ready to be planted inside fake or stolen paper passports.

It took him less than an hour to clone the chips on two British passports and implant images of Osama bin Laden and a suicide bomber. The altered chips were then passed under a passport reader and perceived to be genuine.

News that e-assports can be easily manipulated will come as another blow to government after 3,000 blank passports, with a value of £2.5 million, were stolen from a van in Oldham, Greater Manchester last month.

If those stolen passports’ chips are manipulated in the same way Beek demonstrated it could have a catastrophic impact on the integrity of the government’s e-passport scheme.

NO2ID’s national coordinator Phil Booth said that he was glad that the dangers to personal information was being given greater attention.

“Essentially, the government have set up a grand propaganda machine. I think with this latest news the government will pretend that there’s nothing important to see here and that we should just move on. To admit that they are wrong now seems very unlikely.”

Yet, despite The Times’ findings the [a href="http://www.homeoffice.gov.uk/" target="_blank"] Home Office remained confident about the future of e-passports.

In a statement the Home Office said: “We take security and privacy very seriously, which is why the British biometric passport meets international standards as set out by International Civil Aviation Organisation (ICAO) and we remain confident that it is one of the most secure passports available. Continuing investment in biometric technology and enhanced security measures will help ensure that passport security is maintained now and in the future.”

However, Booth remained sceptical that anything would be done to ensure that manipulation of chips would be ruled out.

“If they are going to do something about this, then they’re going to have to abandon this scheme completely,” said Booth.

A group of Dutch scientists at Holland's Radbound University recently discovered that the technology used in Mifare cards, including London's Oyster travelcards, can be cloned by anyone with a standard laptop.