Wednesday, 6 August 2008

Fakeproof passports (updated)

In a Times article, Steve Boggan reports that so-called 'fakeproof' passports can be easily... faked:
"New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports."
The Times has assigned a specialist, Jeroen van Beek, to test the security of these new generation passports and the results are devastating.

This is especially relevant because, according to the article, only 10 out of 45 countries using micro-chips on passports are using the Public Key Directory (PKD) code system, a security system that could prevent the manipulation of identities.

Times reports:
"Using his own software, a publicly available programming code, a £40 card reader and two £10 RFID chips, Mr van Beek took less than an hour to clone and manipulate two passport chips to a level at which they were ready to be planted inside fake or stolen paper passports.

A baby boy’s passport chip was altered to contain an image of Osama bin Laden, and the passport of a 36-year-old woman was changed to feature a picture of Hiba Darghmeh, a Palestinian suicide bomber who killed three people in 2003. The unlikely identities were chosen so that there could be no suggestion that either Mr van Beek or The Times was faking viable travel documents."
The easiness of this process is stunning, and I would like to raise the rhetorical question whether all these digital "security measures" introduced post-9/11 are really worth the public money spent. My feeling is that this will ease manipulation in the future because everyone will be relying on technology that can be fooled systematically.

Bright future, we are awaiting you!


Felix Knoke of underlines that not participating in the PKD does not mean that states do not exchange security keys bilaterally, and that several states in fact prefer this direct exchange.