Security flaws surface in UK e-passport scheme

Building on research from the UK, Germany and New Zealand, van Beek has developed a method of reading, cloning and altering microchips so that the Golden Reader, the standard software used by the International Civil

Aviation Organisation to test them, accepts them as genuine. It is also the software recommended for use at airports.

The micro-chipped passports contain a tiny radio frequency chip and antenna attached to the inside back page. A special electronic reader sends out an encrypted signal and the chip responds by sending back the holder8217;s ID and biometric details.

The tests suggest that if the microchips are vulnerable to cloning then bogus biometrics could be inserted in fake or blank passports. The flaws also undermine Home Office claims that the 3,000 blank passports that were stolen last week were worthless, as they could not be forged.

The Home Office has always argued that faked chips can be spotted at border checkpoints because they would not match key codes when checked against an international database. But only 10 of the 45 countries with e-passports have signed up to the Public Key Directory PKD code system, and only five are using it.

Britain is a member, but will not use the directory before next year, says The Times.

Britain introduced e-passports in March 2006. In the wake of the September 11 attacks, the US demanded that other countries adopt biometric passports. Many of the 9/11 bombers had travelled on fake passports.