E-Passports ‘can be cloned’


Microchipped passports the Government claim are foolproof can be cloned in minutes, it has been reported. 

By Jon Swaine

Test results suggest that criminals could copy innocent travellers’ passports and manipulate their data, replacing the photograph or other information with their own.

The apparent flaws cast doubt on the Government’s insistence that 3,000 blank passports stolen from a vehicle last week are worthless and could not be used. The security of the Government’s £4bn Identity Card scheme, which is expected to use very similar technology, could also be called into question.

The tests saw Jeroen van Beek, a security researcher from the University of Amsterdam, clone the microchips from the passports of a baby boy and a 36-year-old woman. He was able to manipulate their data on a computer, replacing their photographs, and then transferred it on to two blank £10 chips, ready to be implanted in blank passports.

The altered chips were then accepted as genuine by Golden Reader, the software recommended for use at airports by the UN agency that sets standards for electronic passports and the International Civil Aviation Organisation.

Mr van Beek’s success suggests that holidaymakers who leave their passports at hotels or car rental centres could be leaving themselves vulnerable to identity theft.

Dominic Grieve, the shadow home secretary, said: “It is of deep concern that the technology underpinning a key part of the UK’s security can be compromised so easily.”

A Home Office spokesman would only repeated the department’s previous denial that data could be manipulated in an e-passport. She said “if any data were changed it would be obvious and the holder would be apprehended.” She refused to comment further.

The department’s claim seems to centre on an insistence that faked or cloned chips would trigger an alert by not having a key code to match up with an international database called the Public Key Directory (PKD). However, Britain will not begin using the PKD until next year, and only ten of the 45 countries that use e-passports have signed up to introduce it at all.

An Identity and Passport Service spokesman said: “We take security and privacy very seriously, which is why the British biometric passport meets international standards as set out by International Civil Aviation Organisation (ICAO) and we remain confident that it is one of the most secure passports available.

“Continuing investment in biometric technology and enhanced security measures will help ensure that passport security is maintained now and in the future.”

  • Sadly, it seems to be just another case of, “…oh, we didn’t think that one through guys ”

    E-passports cracked, hacked and ‘jacked’ – so what! Next it will be e-travel cards, contactless credit cards, ‘secure’ door entry passes and then smartphones. My advice…

    MAKE YOURSELF INVISIBLE – what they can’t see, they can’t steal!!!

    You can try a low-cost DIY RFID shielding option, or pay a few quid for a pack of eBay anti-skim (RFID blocking) sleeves. (It’s not ‘rocket science and some really good pointers on what to do can be found at: http://www.trackandshield.wordpress.com)

    As I see it, in a not too distant future there’ll be a simple choice to make – either opt out of using ‘contactless’ kit completely, or protect your personal data as best you can. But, is there really any excuse for not knowing how to do this anymore?