Report: Unhackable e-passports hacked within minutes
Tests by The Times of London indicate that new passports aimed at curbing forgeries and claimed to be unhackable can be cloned and pass as legitimate documents.
Officials who had been pushing for adoption of the new microchip-equipped passports lauded them as a way to cut down on terrorism. Under the old paper-only system, the documents could easily be forged.
With the new system, a microchip would be embedded into the passport, which in turn would be scanned by customs agents at airports. Forged documents would be identified much easier.
That argument appears set to come crashing down. The Times has found security holes within the chips that allowed them to be altered. When passed through the UN-approved reader software, they came up as legitimate.
Security research Jeroen van Beek was able to create two faked e-passports good enough to pass through the UN system in an hour. He used publicly available code, a £40 ($78 USD) card reader and two £10 ($19.50 USD) RFID chips.
Supporters of the e-passport technology counter that even altered chips would be detected due to the use of key-codes. But that may not necessarily be the case: Of the 45 countries now using the technologies, only 10 have signed up for the system, and five have it implemented.
With such low adoption, there would be many points of entry from which terrorists could circumvent the key-code system.
The discovery also leads to identity theft concerns. Travelers will frequently surrender their passports for car rentals and hotels. If a criminal is working at either location, while the passport is in their possession, sensitive data could be read from it, and used to clone another passport.