I guess most people have been led to believe that this new generation of ePassports, or biometric passports, is more secure, will help us keep our privacy intact and will help protect us against identity theft.
Well, how wrong the propaganda is! THC (famous for their tools and research in security) has just released some technical information, tools and a video which shows their cloned passport being read and verified by a passport reader.
The government plans to use ePassports at Immigration and Border Control. The information is electronically read from the Passport and displayed to a Border Control Officer or used by an automated setup. THC has discovered weaknesses in the system to (by)pass the security checks. The detection of fake passport chips does not work. Test setups do not raise alerts when a modified chip is used. This enables an attacker to create a Passport with an altered Picture, Name, DoB, Nationality and other credentials.
The manipulated information is displayed without any alarms going off. The exploitation of this loophole is trivial and can be verified using thc-epassport. Regardless of how good the intention of the government might have been, the facts are that tested implementations of the ePassports Inspection System are not secure.
The passport reader appears to be in the Netherlands, by my guess, but all the passports in use are the same, just with slightly different templates.
Nice to see you again, Mr Presley… Imagine what could be done with this flaw in the system. I wonder if anything will be done about this, or if it'll just be brushed under the carpet and remain knowledge of the security community.