Passport cloning - Mail exposé
Posted on Tuesday, March 6th, 2007 by Home Office WatchCategory: Biometrics, ID Cards
Security consultant Adam Laurie has demonstrated in the Daily Mail how a new UK biometric passport can be cloned without even being removed from its delivery envelope. The government tends to laugh off questions about the risks associated with the new ePassports - see this letter from Joan Ryan in the Guardian where she claims:
It is no more remarkable that the basic information on the chip can be copied than it would be for someone to photocopy the same information that you can read on the personal details page of the passport.
John Lettice explains at The Register why such a dismissive response is short sighted at best:
The newly-delivered passport envelope was rerouted, and a working key was identified within four hours. Once this has been done, a fraudster would have all of the information needed to copy the chip, and therefore would be some considerable distance closer to being able to produce an identical copy of the entire passport.
The Mail notes that no proof of identity was required when the passport was delivered, but the vulnerabilities exposed mean that the problem goes far beyond the occasional passport being cloned after its delivery has been intercepted. Because it’s feasible to steal the data without detection, it’s perfectly possible that insiders could intercept large numbers of the millions of new passports delivered every year.
Given that we expect the same RFID chips to be used in ID cards, these vulnerabilities could prove extremely serious.
Comment : Trackback :Related posts:
