Cloning And Modifying E-Passports

[googlevideo=http://video.google.com/videoplay?docid=-3185369830560352967&hl=de]

[THC/vonJeek] have released an application that allow you to backup and modify E-Passport data.  Check out the video of Elvis checking in at the airport.  Apparently there is no way for the machine to know if the passport has been tampered with.

[via Schneier]

8 thoughts on “Cloning And Modifying E-Passports

  1. Whoa, the guy creates a fake epassport (all the specs are public and on the web anyway, icao doc 9303) and reads it using a public demo terminal, which does not check any particular security feature and just displays the contents of the chip.

    Come on, I’ll be impressed the day the same person goes through customs using a totally fake ePassport. I seriously doubt a white smart card such as the one on video will be accepted by border control :-)

  2. Umm, the data IS signed. However the signature isn’t always properly checked and the file that specifies what security features are on the passport is apparently unprotected according to his talk at BH. I’d agree that the fact that a demo station allows this doesn’t mean that it will work in a real passport scanner.

  3. @2 JimXugle
    That’s true but a hell of a lot haven’t.

    @3 Ed
    The white RFID card could be taken apart (using acetone) and the coil chip taken out I’m sure you could embed it in a passport somehow. Might need to disable the RFID chip already in there would a needle piecing the chip work?

    At least it read it and displayed the info, if the nation hasn’t joined the public key sharing register then this may actually be workable. Once they do join it’ll be much securer.

  4. I have a doppelganger whom is a close personal friend of mine, so close in appearance is he, that people on the same project constantly approached me and started a dialog with me thinking I was him. Now do you think this is potentially scary?

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.