Microchipped passports the Government claim are foolproof can be cloned in minutes, it has been reported.
By Jon Swaine
Test results suggest that criminals could copy innocent travellers’ passports and manipulate their data, replacing the photograph or other information with their own.
The apparent flaws cast doubt on the Government’s insistence that 3,000 blank passports stolen from a vehicle last week are worthless and could not be used. The security of the Government’s £4bn Identity Card scheme, which is expected to use very similar technology, could also be called into question.
The tests saw Jeroen van Beek, a security researcher from the University of Amsterdam, clone the microchips from the passports of a baby boy and a 36-year-old woman. He was able to manipulate their data on a computer, replacing their photographs, and then transferred it on to two blank £10 chips, ready to be implanted in blank passports.
The altered chips were then accepted as genuine by Golden Reader, the software recommended for use at airports by the UN agency that sets standards for electronic passports and the International Civil Aviation Organisation.
Mr van Beek’s success suggests that holidaymakers who leave their passports at hotels or car rental centres could be leaving themselves vulnerable to identity theft.
Dominic Grieve, the shadow home secretary, said: “It is of deep concern that the technology underpinning a key part of the UK’s security can be compromised so easily.”
A Home Office spokesman would only repeated the department’s previous denial that data could be manipulated in an e-passport. She said “if any data were changed it would be obvious and the holder would be apprehended.” She refused to comment further.
The department’s claim seems to centre on an insistence that faked or cloned chips would trigger an alert by not having a key code to match up with an international database called the Public Key Directory (PKD). However, Britain will not begin using the PKD until next year, and only ten of the 45 countries that use e-passports have signed up to introduce it at all.
An Identity and Passport Service spokesman said: “We take security and privacy very seriously, which is why the British biometric passport meets international standards as set out by International Civil Aviation Organisation (ICAO) and we remain confident that it is one of the most secure passports available.
“Continuing investment in biometric technology and enhanced security measures will help ensure that passport security is maintained now and in the future.”