E-Passports Can Be Hacked and Cloned in Minutes
Posted by Sean Fallon at 9:00 AM on August 7, 2008
Tests conducted for the UK's Times Online have concluded that the new high-tech e-passports being distributed around the world can be hacked and cloned within minutes. A computer researcher proved it by cloning the chips in two British passports and then implanting digital images of Osama bin Laden and a suicide bomber. Both passports were passed as genuine by UN-approved passport reader software. The entire process took less than an hour.
Initially, the assumption was that cloned chips would be spotted because their key codes would not match those stored in an international database. However, only 10 of the 45 countries participating in the e-passport program have signed up for the Public Key Directory (PKD) code system, and only five are currently using it. On top of all that, the research suggests that biometric data could also be manipulated and inserted into fake passports.
At this point, there has been no evidence to suggest that an e-passport has been successfully cloned and passed off as genuine in a real-life situation--but it is bound to happen unless every country buys into the PKD. Even then, I still have my doubts about long-term security. We all know that it's only a matter of time before someone figures out how to manipulate the system. [Times Online]

Comments
cipotefello
Posted 9:19 AM 7/8/08
@swoyekr: 59 minutes
Aaron Stein
Posted 9:19 AM 7/8/08
the system was probably designed by the company that gave the most to the appropriate political party that year
Chester_Copperpot
Posted 9:19 AM 7/8/08
Great, I just got mine last week. Fun.
Dudemeister on the Run
Posted 9:16 AM 7/8/08
U.S. security FTL.
And to think this is the passport I am waiting for to arrive in the mail.
Fail.
tucker
Posted 9:15 AM 7/8/08
i'm sure this comes as a complete shock to everyone! no one saw this coming.
swoyekr
Posted 9:15 AM 7/8/08
The entire process took less than an hour.
you said minutes?
dysthymia
Posted 9:12 AM 7/8/08
Our taxes working for..... nothing/no one.
Cordfucious v 2.0.1
Posted 9:10 AM 7/8/08
When are we going to learn that security is a myth, well perceived but seldom achieved.
--Cordfucious
GeekyNerdGuy
Posted 9:07 AM 7/8/08
Wow.
Frank
Posted 9:02 AM 7/8/08
STOP! Hammertime!
Luthian
Posted 9:39 AM 7/8/08
Good ol' Microwave, heats my pizza rolls, closes a government approved security hole, it's great for heating coffee too! :S
skyshard
Posted 9:31 AM 7/8/08
@Dudemeister on the Run:
well, if you read before commenting, you'd see that it's the UK passports that were cracked, despite the misleading US passport image
(don't know if US passports are any better though...)
beekerstudios
Posted 10:07 AM 7/8/08
my recently acquired passport is analog.. how does one acquire an e-passport?
neko613
Posted 10:44 AM 7/8/08
I think this is just a "security" scramble the US has been doing ever since 9/11. Right now we're not even testing everything properly before we spend big tax bucks. More or less this is one of those "shotgun" methods to big problems...if you can't find the right solution, then try shooting with every damn possibility!
ARP
Posted 10:36 AM 7/8/08
But how difficult was it to grab the info? If it took 20 minutes to read the info, I'm less worried.
Xavoc
Posted 10:22 AM 7/8/08
@skyshard: Considering they're all based upon the same agreed upon standard... Most likely they're not.
DustyButt
Posted 11:02 AM 7/8/08
@Luthian: ***DUSTYBUTT NODS IN APPROVAL***
You have chosen wisely. That's right... 3 seconds max.
Noobs-R-Us
Posted 10:51 AM 7/8/08
Who's the idiot in the State Dept that needs to be fired?
shockwaver
Posted 11:33 AM 7/8/08
What I want is someone to take apart their passport and show the world where the damn chip is located.. so it can have an unfortunate accident with a hammer.
RFID chip broadcasting my personal information in foreign countries?
DO. NOT. WANT.
---
I've heard anecdotes about microwaves leaving charred marks on the passport too, and I think it is against the law to willingly mutilate or tamper with a passport. (In the US)
michaelleung
Posted 11:20 AM 7/8/08
And it wasn't even the 56k dude who did it.
DustyButt
Posted 11:38 AM 7/8/08
@shockwaver: It only leaves a charred mark if you leave it in for too long. Only for a second or two. Enough time for the microwave emission to feedback from the circuits and *ZZZTT* you're done.
RigorMortis
Posted 1:36 PM 7/8/08
Good god, when will people stop trying to make everything wireless? RFID = instant fail, do NOT pass go, do not collect your money. I don't want that crap shoehorned onto my credit card or my passport.
TheWoodpecker
Posted 3:25 PM 7/8/08
Considering people have been making false passports for years I don't know why this is new or any more of a security risk. *shrug*
ecobore
Posted 4:04 PM 7/8/08
The whole thing is so inefficient and rife with inbuilt failure one would imagine that Halliburton had managed it! The RFID info was cloned from 5 feet away two years ago, and yet they still introduced these things! Amazing
MastaFalse
Posted 10:16 PM 7/8/08
The UK. Ha ha.
dufus
Posted 10:45 PM 7/8/08
meh... I just plan to keep mine in an RFID shielded wallet.
It will only come out for the customs inspector, or the stiff official who barks, "May I see your papers please?".
If you can't skim it, it's safe.
s017jrs
Posted 11:33 PM 7/8/08
@swoyekr:
an hour, in fact, is made up of minutes.
@Luthian:
coffee and microwaves should NEVER be used in the same sentence.
RFID shielded passport case FTW
powerball
Posted 2:13 AM 8/8/08
Great job testing these guys, why not make a prototype and have a hacking contest first. I think it'd be $5000 dollars well spent.
FunkNotPunk
Posted 3:23 AM 8/8/08
This article (and most of the commenters) are really missing the point. These passports include a multitude of security features - none of which are now, nor ever will be completely fool-proof. Adding the electronic element merely provides one more layer of complication to people who want to forge these documents.
So if you are in the passport forging business, now you need a whole other level of technical prowess just to get back to your status quo.
Trying to make the argument that "because this new system is not perfect, therefore it is a failure" is sort of like arguing that we should just go ahead and print money on toilet paper, because ya know, paper money security features are imperfect anyway. Security is not about making things perfect, it's about making things difficult - so difficult that you immediately cut-out all but the most committed and talented criminals.
That being said, there is always room for improvement.
rip
Posted 4:21 AM 8/8/08
@Chester_Copperpot:
Ground. Shoe. Stomp.
Problem solved.
krom
Posted 11:31 PM 8/8/08
@s017jrs: totally agree on the coffee, microwaves debate. DAMN... now i made the same mistake.
Ladadadada
Posted 10:12 AM 8/8/08
@FunkNotPunk: The point of the article (at least the point of the Times Online article) was that the authorities were claiming that the 3000 blank passports stolen a couple of months back are worthless because this system is "perfect" and "fakeproof".
This demonstrates that the authorities are full of shit.
The rest of your comment is still accurate and insightful.
@swoyekr: Yes. Minutes. 59 of them. Still considered to be "less than an hour".
:P
last1
Posted 9:13 AM 7/8/08
In my opinion technology can help really in human life a lot but there is a limit to it nonetheless. It has been demonstrated again and again that electronic systems, computers, chips etc. are prone to security problems. So why are they putting chips on passports?