Published October 02, 2008
A group of Dutch hackers has shown the vulnerability of the new "ePassports" by making, and then using, one for Elvis Presley.
Even worse, they tell you exactly how to do it.
The U.S., Canada, the European Union and other developed countries have been introducing electronically reinforced passports in which a radio-frequency ID (RFID) chip is implanted in the passport's cover.
The chip, meant to be read by a scanner at border controls, duplicates much of the information printed in the passport: photo, name, address, place of birth and often a fingerprint.
Government authorities insist the ePassports are more secure and more difficult to forge than regular ones. In the U.S., they're now the only kind being issued.
Yet hackers and computer-security experts have repeatedly shown that the passport RFID chips are easy to read and "clone," even through a wire mesh the U.S. added to ePassports a couple of years ago.
Now the Dutch group has taken it a step further, not just cloning an existing ePassport but creating an entirely new fake one for a very famous dead man.
In a video posted on freeworld.thc.org ("THC" purportedly stands for "The Hacker's Choice"), an unseen person slips what appears to be a standard-issue European Union passport into a self-scanner at Schiphol Airport outside Amsterdam.
Atop the passport is a white card with a small yellow square on one side — presumably the hacked RFID chip.
The screen pops up with the bearer's information: Elvis Aaron Presley, U.S. national, born Jan. 8, 1935, complete with photo and passport ID number.
No alert is raised; the passport's authenticity is not questioned; the fact that a physically European passport presents itself electronically as an American one doesn't seem to matter.
Want to do it yourself? The hackers detail the steps, and provide source code, on the same Web page the video's posted on.
To be fair, the user doesn't try to go through actual passport control in the video.
But only the Department of Homeland Security and its sister agencies around the world know for certain whether the "real" scanners are any tougher than the one in the video.
The unnamed hackers' assessment? "Never let a computer do a job that can be done by a human."