Kim Zetter writes in Wired magazine:

A German security researcher who demonstrated last year that he could clone the computer chip in an electronic passport has revealed additional vulnerabilities in the design of the new documents and the inspection systems used to read them.

Lukas Grunwald, an RFID expert who has served as an e-passport consultant to the German parliament, says the security flaws allow someone to seize and clone the fingerprint image stored on the biometric e-passport, and to create a specially coded chip that attacks e-passport readers that attempt to scan it.

…

The International Civil Aviation Organization, the United Nations body that developed the standards for e-passports, opted to store travelers’ fingerprints as a digital photo, no different than if you were to press the tabs of your fingers against a flatbed scanner. As a result, it’s possible to seize the image and use it to impersonate a passport holder by essentially hijacking their fingerprints. Japanese researchers several years ago demonstrated the ability to make false fingerprints using gelatin material that could be placed over a finger.

The fingerprint vulnerability may be relevant to the proposed UK ID card, since the Home Office apparently wants to make its ID cards usable as passports for European travel.

This entry was posted by andrew on Wednesday, August 1st, 2007 at 09:10 and is filed under (In)security, Biometrics, Foreign Articles, General. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.