IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

e-Passports fail cloning test

The theft of 3,000 blank passports last month coupled with Dutch research into recoding contactless chips highlights the real threat of fraudulent use.

UK e-Passport

The government has spent millions of pounds creating and implementing micro chipped passports in a bid to hinder organised crime and the movement of terrorists, despite the fact that they can be cloned and manipulated, according to reports.

The Times newspaper has reported that security flaws in the contactless chips used in modern passports allow them to be cloned without being identified as fake.

In tests conducted on behalf of the newspaper, a security researcher at the University of Amsterdam Jeroen van Beek developed a method of reading, cloning and altering microchips.

The manipulation appears so accurate that the fake passports are verified as genuine by Golden Reader, the passport reader software used by the UN agency that sets standards for e-passports.

Beek used a publicly available programming tool, a 40 card reader and two 10 RFID chips to clone and manipulate two passport chips to a standard where they were ready to be planted inside fake or stolen paper passports.

It took him less than an hour to clone the chips on two British passports and implant images of Osama bin Laden and a suicide bomber. The altered chips were then passed under a passport reader and perceived to be genuine.

News that e-assports can be easily manipulated will come as another blow to government after 3,000 blank passports, with a value of 2.5 million, were stolen from a van in Oldham, Greater Manchester last month.

If those stolen passports' chips are manipulated in the same way Beek demonstrated it could have a catastrophic impact on the integrity of the government's e-passport scheme.

NO2ID's national coordinator Phil Booth said that he was glad that the dangers to personal information was being given greater attention.

"Essentially, the government have set up a grand propaganda machine. I think with this latest news the government will pretend that there's nothing important to see here and that we should just move on. To admit that they are wrong now seems very unlikely."

Yet, despite The Times' findings the [a href="http://www.homeoffice.gov.uk/" target="_blank"] Home Office remained confident about the future of e-passports.

In a statement the Home Office said: "We take security and privacy very seriously, which is why the British biometric passport meets international standards as set out by International Civil Aviation Organisation (ICAO) and we remain confident that it is one of the most secure passports available. Continuing investment in biometric technology and enhanced security measures will help ensure that passport security is maintained now and in the future."

However, Booth remained sceptical that anything would be done to ensure that manipulation of chips would be ruled out.

"If they are going to do something about this, then they're going to have to abandon this scheme completely," said Booth.

A group of Dutch scientists at Holland's Radbound University recently discovered that the technology used in Mifare cards, including London's Oyster travelcards, can be cloned by anyone with a standard laptop.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Most Popular

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers
ransomware

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

26 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022