Risk: Low
A security consultant has shown how to clone electronic passports based on internationally agreed designs due to begin distribution this year.
The demo came as part of a presentation by Lukas Grunwald, CTO of German security consultancy DN-Systems Enterprise Internet Solutions, on hacking new RFID technologies used for dual-interfaces cards, such as within credit cards and passports, at the recent Black Hat conference in Las Vegas.
Grunwald said that the data held on RFID cards within e-passports can be copied simply, undermining claims by governments that e-passports will help stamp out forgeries. Grunwald stated: "The whole passport design is totally brain damaged. From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all."
Two weeks' close scrutiny of the RFID chips within passports already issued by the German government allowed Grunwald to develop his cloning technique. Much of that time was spent acquainting himself with e-passport standards, developed by the UN's Civil Aviation Organisation. All e-passports will adhere to this standard.
Frank Moss, deputy assistant secretary of state for passport services at the State Department, recently said that even if the chips on electronic passports are cloned other security measures, such as a digital photo of its holder and the physical inspection of passports, would foil attempts to use forged or modified passports. A feature called Basic Access Control within passports means that border officials need to unlock a passport's RFID chip before it can be read. However some security experts reckon this technique provides insufficient protection over the long run and that conventional smart-cards are preferable to RFID chips.