Friday, February 29, 2008

Secuirty problem casts doubt on E-passports


A recent demonstration shows that the hi-tech biometric E-passports could be hacked and information embedded could be copied and transferred to another device, which threw in doubt the passport-upgrading scheme used by the U.S., UK and other countries.
A sample of E-passport reader. (File Photo)

BEIJING, Aug. 7 (Xinhuanet) -- A demonstration showed the hi-tech biometric E-passports could be hacked and information embedded could be copied and transferred to another device.

This threw in doubt the passport-upgrading scheme used by the U.S., UK and other countries.

Speaking Sunday at the Defcon security conference in Las Vegas, Lukas Grunwald, a consultant with a German security company, said he had discovered a method for cloning the information stored in the new passports.

Data can be transferred onto blank chips, which could then be implanted in fake passports, a flaw which he said undermined the project.

But the findings do not mean that all biometric information could be faked or altered by criminals. Although the data held on a passport chip is not encrypted, it is not yet possible to change the cloned data without alerting the authorities.

Grunwald said his discovery was made within two weeks of first attempting to copy the data, and the equipment used cost 200 U.S. dollors. It is believed the hacking principle could be applied to any new passport issued in Britain, the US and other countries.

It is the latest research to raise concerns about the growing use of RFID, short for radio-frequency identification, a technology that allows everyday objects such as store merchandise, livestock and security documents to beam electronic data to computers equipped with special antennas.

Germany already used RFID in passports to help border officials guard against forgeries and automate the processing of international visitors. U.S. officials plan to start embedding RFID in passports in October. Since March anyone applying for a UK passport has been issued with a biometric version, which contains physical identification information. Enditem

No comments: