Researcher gives Elvis and bin Laden fake e-passports
The 'fraud-proof' e-passport can be copied and altered, a Dutch security researcher has demonstrated. In tests conducted for the Times, Jeroen van Beek of the University of Amsterdam changed the chip data in a normal UK e-passport to contain a picture of Osama bin Laden. The paper also reports that van Beek has contrived to have …
Why is the exchange of these certs between countries not mandatory? To develop a system that can be fooled by not using existing infrastructure that invalidates this hack seems madness to me!
Hi,
I suspect we'll get an Elvis / Bin Laden impersonators convention quite soon... with 3000 blank passports in the wild...
Paris still trying to figure out the point of a signature you can't check... (except to reassure the public).
"do you still stand by the statement you made last week that the 3000 stolen passports are worthless?"
By my sums they're probably worth quite a lot by now. Especially if you run an Elvis impersonator fan club and need new membership cards
Again we see half baked ideas executed in a half baked fashion. I guess that makes it quarter baked.
<-- I'll pinch a passport from this coat pocket, change the data on the chip, then make a quick exit abroad under a different identity.
"it seems only a matter of time before researchers, campaigners or plain old forgers start trying to get them through borders. And in the case of the latter, if they succeed, how will we tell?"
On behalf of the Ministry of Truth:
There is nothing to tell. It is not, as you suggest "a matter of time" before a compromise will occur, due to the stringent security measures in place. The UK government takes data protection and security very seriously, and has ensured that, by initiating a cross-comparison lookup biometric database, which will remain offline and therefore secure, and will only be used in exceptional circumstances, that 100% security will be maintained at all times by being tough on ensuring the validity of customers of UK Borders and Immigration and their safety.
Next question.
NEXT QUESTION!!!!
As usually the PR does not match their actual policy and behaviour and once again, as usually they have their pants on fire. Not surprising, after all in a country where a pathological liar was a prime minister for 10+ years one should not expect honesty from any official institution.
Anyway, while IPS continues to claim that the passports cannot be cloned, all new biometric passports are no longer sent by royal mail the way it used to be for decades. They are now sent using a secure document delivery courier and the receiver has to sign for it. So whatever they are saying in public about the "cloning", in reality they are trying to make this scenario less likely.
Me coat, the one with the "I live in an Animal Farm state" on it.
All the more reason why we need ID cards introduced asap.
Not only will they be hacker proof, but I'm sure that ZaNu-Labour will soon announce that they'll also protect you from bird flu, personal injury from an asteroid hit as well as being made from a new space age plastic which will absorb CO2 and hence save the whole of mankind as well.
Sovereign power. One nation doesn't necessarily have to see eye to eye with another. Only when they agree (by, for example, ratifying an international treaty) are they legally bound to do anything.
'van Beek has contrived to have a passport in the name of Elvis Presley accepted by a public e-reader in a Dutch town hall.'
So can I be the first to say that Elvis has entered the building...........
OK, coat (well, sparkly gold lame jacket then)
there are absolutely NO *bent* couriers *securely* delivering passports.
Just thought that should be made perfectly clear.
Nothing to see here.
Move along now.
PKD - Phillip K Dick
The PKD key can't just track the passport, it's tracking the user, so if you try to go somewhere you don't usually they will assume it's a fake. Everybody will have a profile on the system and any odd visit's will be flagged, you could get a new passport, it's copied before you get it, you get arrested trying to go to France because the copy has already gone to India...
Not good!
and in the case of the USA, even a ratified treaty doesn't mean diddly-squat...
I with we'd give up on the 100% secure passport though - we'll never have one...
I seem to remember reading in El Reg that if you go through UK passport control with a broken chip they will have to admit you anyway, because it isn't required by international agreement that biometric passports are mandatory? Apparently the UK passport people will "advise" you your chip is kaput, and "suggest" you shell out 90 quid for a new one. And if I need a passport renewal when I am in Ulan Bator, will it even HAVE a chip?
why don't you make a fake one for George Bush? Then maybe they'll spot the forgery and subject him to a thorough cavity search
And it's yummy.
Coming soon to a government near you, a new slogan: "Totally Unbaked Government: It's Yummy! And It Tastes Good!"
It's an iPhone app that puts Bin Laden's picture onto the chip of any passport you point it at.
Let's face it. It'd be worth buying an iPhone for......
...for they seem to be the only people that are actually researching this stuff. Can we fund them to -pull apart- research the entire Labour government's technology platform?
Renewed mine in June and it came by snail mail, no need to sign anything at all.
When NO2ID and the Daily Mail 'intercepted' a new e-passport (with the holder's permission), in order to demonstrate it cound be skimmed without opening the envelope it comes in, we inadvertently also demonstrated how much better the courier service is than the Post Office for security. Not noticeably. The package was handed at the door to the reporter who just said, "I'm his girlfriend".
It appears that some if not all of the couriers are all self-employed contractors, as well, so there's a certain amount of distance in the relationship between the Home Office and whoever handles live passports.
Given the thought-crime laws that have been passed in the US and the UK lately (DMCA, Computer Misuse updates) it is almost certainly illegal to try to circumvent the encryption (USA-DMCA) or even to own the tools with which to do it (UK-soon). No wonder the Cloggies are the only ones researching it - we would be in Gitmo if we tried!
Sign up, sign up for The Register's weekly IT security newsletter - click here
