E-passports waste of money, says security expert
EUObserver: The security of new e-passports, currently being introduced in a number of EU countries, has been thrown into doubt after a German computer security expert demonstrated how personal information stored on the documents could be copied and transferred to another device.
"From my point of view all of these [biometric] passports are a huge waste of money - they're not increasing security at all," Lukas Grunwald told participants at the Defcon conference in Las Vegas on Sunday (7 August).
"The whole passport design is totally brain damaged," Mr Grunwald said, according to Wired.com.
The conference is an annual showcase of the latest weaknesses discovered in computers, phone equipment and other machines and assembles many of the world's best-known security experts.
The US plans to begin issuing e-passports to US citizens beginning in October. Germany has already started issuing the documents.
Mr Grunwald said it took him a mere two weeks to work out how to clone the passport chip, using the standards for e-passports posted on a website for the International Civil Aviation Organization, a UN body that developed the standard.
He tested the attack on a new EU German passport, but said the method would work on any country's e-passport, since all of them will be adhering to the same ICAO standard.
Although Mr Grunwald managed to clone the tag, he believes it is not possible to change data on the chip - such as the name or birth date - without being detected. This is because the passport uses cryptographic hashes to authenticate the data.
In June, the European Commission unveiled the technical details of a new type of biometric data to be used in EU citizens' passports.
Along with facial features that must be part of newly issued travel documents by late August, member states will be obliged to issue passports with two fingerprints by 2009.
"From my point of view all of these [biometric] passports are a huge waste of money - they're not increasing security at all," Lukas Grunwald told participants at the Defcon conference in Las Vegas on Sunday (7 August).
"The whole passport design is totally brain damaged," Mr Grunwald said, according to Wired.com.
The conference is an annual showcase of the latest weaknesses discovered in computers, phone equipment and other machines and assembles many of the world's best-known security experts.
The US plans to begin issuing e-passports to US citizens beginning in October. Germany has already started issuing the documents.
Mr Grunwald said it took him a mere two weeks to work out how to clone the passport chip, using the standards for e-passports posted on a website for the International Civil Aviation Organization, a UN body that developed the standard.
He tested the attack on a new EU German passport, but said the method would work on any country's e-passport, since all of them will be adhering to the same ICAO standard.
Although Mr Grunwald managed to clone the tag, he believes it is not possible to change data on the chip - such as the name or birth date - without being detected. This is because the passport uses cryptographic hashes to authenticate the data.
In June, the European Commission unveiled the technical details of a new type of biometric data to be used in EU citizens' passports.
Along with facial features that must be part of newly issued travel documents by late August, member states will be obliged to issue passports with two fingerprints by 2009.
<< Home