Claims that UK ePassport was cloned and altered

Dutch researcher Jeroen van Beek has put the ePassport community on fresh alert following revelations that he was not only able to clone, but also alter information within an ePassport chip.

According to reports in the Times newspaper, van Beek copied the contents of an ePassport microchip onto another chip, making a clone of the first (nothing new). He then launched the Golden Reader Tool and verified this chip as being authentic.

Then – and this is the new bit - van Beek altered the cloned chip, removing the image of a child, and replacing it with the image of Osama bin Laden.

The Golden Reader refused to authenticate this altered chip because the digital key signature had been changed.

However, van Beek then used the work of Peter Gutmann, from Auckland University, New Zealand, who found a way to programme another key signature into the chip. The ICAO’s reader software then accepted the altered chip as genuine.

This revelation has caused a media storm, as it means a passport can be created in the name of a real person with a chip containing an impostor’s biometrics, so allowing that person to navigate most of the world’s borders – even many of those with ePassport technology.

According to experts, ICAO’s underutilised Public Key Directory (PKD) would prevent this from happening, if countries would only sign up to it. It is operated by a Singapore company, Netrust.

At present, key signature codes can be checked only if ePassport countries choose to swap details of those keys in a bilateral agreement or via the PKD. The UK does this with 35 countries - leaving 10 uncheckable, the Times claims.

If all countries used the PKD system, border readers be able to spot the fake keys and thwart the impostor attempt. However, of the reported 45 countries with ePassports, only five (Australia, New Zealand, Singapore, the US and Japan) are using the PKD.

ICAO wants all its 189 member countries eventually to introduce ePassports and want PKD membership to be necessary rather than optional.

This latest revelation might put pressure on the countries yet to sign up to redouble their efforts.

06 August 2008 Security Document World


August 07, 2008

Read more about Biometric Industry Events and Conferences.

Read more about Biometric Industry Useful Links.

Read more about Biometric Technologies:

Fingerprint, Iris Recognition, Hand & Finger, Facial Recognition, Voice/Speaker, Consultants, Smart Cards/Multimodal, Signature/Keystroke, 2D Barcodes, Sensors, Middleware/Software, Vascular Pattern Recognition

Read more about Biometric Applications:

Physical Access Control, Logical Access Control, Justice/Law Enforcement, Time and Attendance, Border Control/Airports, HIPAA, Financial/Transactional, Integrators/Resellers, Safes, Door Locks, Other


August 07, 2008



 

back
RSS News Feed
RSS Biometrics Industry Events

Showcases
Fingerprint
Iris Recognition
Hand & Finger
Facial Recognition
Voice/Speaker
Consultants
Smart Cards/Multimodal
Signature/Keystroke
2D Barcodes
Sensors
Middleware/Software
Vascular Pattern Recognition

Applications



Site Search



Sponsor Links

BIO-key
 BIO-key develops and licenses advanced biometric finger identification technologies that are cost effective, scalable and easy to deploy.

Identica Corp.
Is the exclusive provider of the Techsphere Hand Vascular Pattern Recognition biometric solution in the USA, Canada, Mexico and the Caribbean Islands.

ZK Software
 ZKSoftware Inc. is a leading OEM/ODM manufacturer offering Fingerprint Time & Attendance and Access Control, Fingerprint Door Locks and IT products.

Ceelox
Ceelox is a developer and marketer of biometric authentication and biometric file security software products.

Hitachi
Hitachi is a pioneer and recognized world leader in developing vein pattern biometrics systems.


Guides

What are "Biometrics"?
Biometrics Glossary
How Well Do Biometrics Work?
Identification vs Verification


Articles & Research

US VISIT Fact Sheet
The Anatomy Lesson
Smile: You're On Scan Camera
Privacy - Friend or Foe?
New Opportunities for Biometrics
Let Me In!
Archived Q & A's
Videos & Product Demos



Biometrics Events | Biometrics Links | Biometrics Press Releases
Biometrics Feature Articles | Biometrics Company Q&A's | Biometrics Product Videos/Demos
About Us | Contact Us | Advertising Info | Privacy Policy | Terms of Use