Biometric passports cracked

Biometric passports cracked

A German security consultant says he can clone RFID chips

Biometric passports used by the UK, US and other countries have been cloned by a German security consultant, raising further doubts over the £415m UK scheme.

Lukas Grunwald, a consultant with DN-Systems, told a Defcon security conference in Las Vegas that the data, stored on RFID chips, could be copied on to blank chips which could then be used in fake passports.

'The whole passport design is totally brain damaged,' Grunwald told wired.com. 'From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all.'

Grunwald says it took just two weeks to figure out how to clone the passport chip, and cost him $200. He tested the attack on a new European Union German passport, but the method would work on any country's e-passport, since all of them will be adhering to the same ICAO standard.

Authorities say the chip, which is digitally signed by the issuing country, will help them distinguish between official documents and forged ones. Since March, all passports issued in the UK have contained RFID chips with physical identification information.

Although countries have talked about encrypting data that's stored on passport chips, this would require that a complicated infrastructure be built first, so currently the data is not encrypted.

Although he can clone the tag, Grunwald says it's not possible, as far as he can tell, to change data on the chip, such as the name or birth date, without being detected.

The home office said yesterday that the British biometric passport is one of the most secure in the world and that while it might be possible to copy the chip data, it is not possible to modify or manipulate any of the data because the data is digitally signed and wouldn't validate.