The UK Times Online tested some of the new electronic passports and discovered that they can be hacked and cloned in under ten minutes.
In the tests, a computer researcher cloned the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports.
The Home Office has always argued that faked chips would be spotted at border checkpoints because they would not match key codes when checked against an international data-base. But only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it. Britain is a member but will not use the directory before next year. Even then, the system will be fully secure only if every e-passport country has joined.
Some of the 45 countries, including Britain, swap codes manually, but criminals could use fake e-passports from countries that do not share key codes, which would then go undetected at passport control. The tests suggest that if the microchips are vulnerable to cloning then bogus biometrics could be inserted in fake or blank passports. Tens of millions of microchipped passports have been issued by the 45 countries in the belief that they will make international travel safer. They contain a tiny radio frequency chip and antenna attached to the inside back page. A special electronic reader sends out an encrypted signal and the chip responds by sending back the holder’s ID and biometric details.