Why is the exchange of these certs between countries not mandatory? To develop a system that can be fooled by not using existing infrastructure that invalidates this hack seems madness to me!
The 'fraud-proof' e-passport can be copied and altered, a Dutch security researcher has demonstrated. In tests conducted for the Times, Jeroen van Beek of the University of Amsterdam changed the chip data in a normal UK e-passport to contain a picture of Osama bin Laden. The paper also reports that van Beek has contrived to have …
"it seems only a matter of time before researchers, campaigners or plain old forgers start trying to get them through borders. And in the case of the latter, if they succeed, how will we tell?"
On behalf of the Ministry of Truth:
There is nothing to tell. It is not, as you suggest "a matter of time" before a compromise will occur, due to the stringent security measures in place. The UK government takes data protection and security very seriously, and has ensured that, by initiating a cross-comparison lookup biometric database, which will remain offline and therefore secure, and will only be used in exceptional circumstances, that 100% security will be maintained at all times by being tough on ensuring the validity of customers of UK Borders and Immigration and their safety.
As usually the PR does not match their actual policy and behaviour and once again, as usually they have their pants on fire. Not surprising, after all in a country where a pathological liar was a prime minister for 10+ years one should not expect honesty from any official institution.
Anyway, while IPS continues to claim that the passports cannot be cloned, all new biometric passports are no longer sent by royal mail the way it used to be for decades. They are now sent using a secure document delivery courier and the receiver has to sign for it. So whatever they are saying in public about the "cloning", in reality they are trying to make this scenario less likely.
Me coat, the one with the "I live in an Animal Farm state" on it.
All the more reason why we need ID cards introduced asap.
Not only will they be hacker proof, but I'm sure that ZaNu-Labour will soon announce that they'll also protect you from bird flu, personal injury from an asteroid hit as well as being made from a new space age plastic which will absorb CO2 and hence save the whole of mankind as well.
PKD - Phillip K Dick
The PKD key can't just track the passport, it's tracking the user, so if you try to go somewhere you don't usually they will assume it's a fake. Everybody will have a profile on the system and any odd visit's will be flagged, you could get a new passport, it's copied before you get it, you get arrested trying to go to France because the copy has already gone to India...
I seem to remember reading in El Reg that if you go through UK passport control with a broken chip they will have to admit you anyway, because it isn't required by international agreement that biometric passports are mandatory? Apparently the UK passport people will "advise" you your chip is kaput, and "suggest" you shell out 90 quid for a new one. And if I need a passport renewal when I am in Ulan Bator, will it even HAVE a chip?
When NO2ID and the Daily Mail 'intercepted' a new e-passport (with the holder's permission), in order to demonstrate it cound be skimmed without opening the envelope it comes in, we inadvertently also demonstrated how much better the courier service is than the Post Office for security. Not noticeably. The package was handed at the door to the reporter who just said, "I'm his girlfriend".
It appears that some if not all of the couriers are all self-employed contractors, as well, so there's a certain amount of distance in the relationship between the Home Office and whoever handles live passports.
Given the thought-crime laws that have been passed in the US and the UK lately (DMCA, Computer Misuse updates) it is almost certainly illegal to try to circumvent the encryption (USA-DMCA) or even to own the tools with which to do it (UK-soon). No wonder the Cloggies are the only ones researching it - we would be in Gitmo if we tried!
Biting the hand that feeds IT © 1998–2021