Tests demonstrate cloning of passport chips

Rob Stringer

Tests carried out for the Times newspaper showed today how microchips in passports such as those recently stolen may be cloned and manipulated within minutes.

Security flaws were demonstrated by Jeroen van Beek, a security researcher at the University of Amsterdam, who cloned the chips of two British passports, implanting digital images of Osama bin Laden and Hiba Darghmeh, a Palestinian suicide bomber.

The modified chips were then examined by passport reader software and passed as genuine.

The tests undermine claims by the Home Office that faked chips would be picked up at border checkpoints where they wouldn’t correspond with an international database.
only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system, with only five actually using it

“We’re not claiming that terrorists are able to do this to all passports today or that they will be able to do it tomorrow,” said Mr van Beek, “but it does raise concerns over security that need to be addressed in a more public and open way.”

The results cast doubt over the Government’s identity card proposal which uses the same biometric technology.

“Although there is no suggestion that these payment systems and passports are completely insecure,” observes Dan Isaaman, technical director of Smartcard Focus, “the fact that researchers managed to untangle a complex cryptographic algorithm in a matter of weeks from a series of microscope photographs should still be a big concern.”