LAS VEGAS--The latest in digital travel documents, known as electronic passports, may not be much harder to forge than the current versions, a security expert told attendees at the Black Hat Briefings conference on Thursday.
Using hardware capable of reading data from the radio frequency identification (RFID) chip embedded in the cover of an e-passport, Lukas Grunwald, a security researcher with DN-Systems in Germany, showed that he could copy the data from a European passport and write the data back to a smart card. The threat: A forged passport could embedded a smart chip that mimicked the RFID chip in the latest e-passports.
"We have programmed the smart computer on the chip to behave like a passport," Grunwald told SecurityFocus during an interview at the Black Hat conference.
Privacy advocates and some security experts have warned that moving to electronic passports could pose a danger. The concerns focus on the U.S. government's initiative to create machine-readable passports that have already started to be rolled out to the public. Privacy and security experts have criticized the move as ill-considered, saying that the technology would leak data to those with specialized equipment, allowing Americans to be automatically identified by the passports they are carrying.
To answer the fears of privacy advocates, e-passports will have two countermeasures to make the surreptitious reading--known as skimming--of the passports more difficult. The covers of passports will have shielding material to make data leakage less likely, and use Basic Access Control (BAC) technology to authenticate the reader.
Posted by: Robert Lemos