(Dieser Artikel ist auch in deutscher Sprache verfügbar)
In a public demonstration at the Black Hat security conference in Las Vegas on 3 August 2006, Lukas Grunwald's, CTO of German security consultancy DN-Systems Enterprise Internet Solutions, made a demonstration on how electronic passports could be cloned. The industry that produces the passports has denied the allegations.
The German consultant made a demonstration showing the data on the e-passport chip can be easily copied. He has shown that the data can be transferred onto a blank chip that can then be inserted into a blank document looking like the original passport to the electronic passport reader.
Thus, a terrorist could use a passport with his/her real name and picture including a fake chip with different information copied from someone else's passport and could pass through an electronic screening system. Grunwald made the demonstration on a new European Union German passport, but the method could be used on any type of new electronic passport. He considered that: "From my point of view all of these (biometric) passports are a huge waste of money - they're not increasing security at all."
However, the Smart Card Alliance states e-passports are secure and almost impossible to counterfeit as they are based on several security layers. Although presently the data on the chip is not encrypted, it is digitally signed by the authority issuing the passport making any changes "visible" at a passport control.
Grunwald's counterfeiting technique needs the possession of the original passport that cannot be cloned from someone's pocket or bag. The e-passport has a feature called Basic Access Control that requires the unlocking of the RFID chip by officials by means of a unique key printed in the passport page.
Frank Moss, deputy assistant secretary of state for passport services at the State Department, said the digital photo of the passport holder and the physical inspection of passports would prevent the use of faked passports.
Referring to Lukas Grunwald Moss said: "What this person has done is neither unexpected nor really all that remarkable. The chip is not in and of itself a silver bullet.... It's an additional means of verifying that the person who is carrying the passport is the person to whom that passport was issued by the relevant government." On the other hand, he stated there were, however, countries that considered eliminating the human inspection and using only the electronic automated inspection.
Another concern expressed at the Black Hat Conference was related to the fact that, although protected by a metal fiber embedded in the front cover, an e-passport could be spied on by a reader if it is even very slightly open.
Industry group defends e-passports (11.08.06)
http://www.theregister.co.uk/2006/08/11/e-passports_defended/
Hackers crack new biometric passports (07.08.06)
http://www.guardian.co.uk/frontpage/story/0,,1838753,00.html
e-passport cloning risks exposed (04.08.06)
http://www.theregister.co.uk/2006/08/04/e-passport_hack_attack/
Hackers Clone E-Passports (03.08.06)
http://www.wired.com/news/technology/0,71521-0.html