E-Passports Not Secure as You Think

This post is also available in: עברית (Hebrew)

Electronic passports contain embedded electronic computer chips that store biometric information that can be used to authenticate the identity of the passport holder. A newly discovered flaw in these passports lets data thieves scan the passport ‘several feet away’ and track the person’s every movement. The flaw can be found in all electronic passports from all over the world. 

How does the e-passport work? E-passport readers at airports scan the chip inside a passport and identify the holder. The information stored on the chip is the same as that which is displayed on the data page of the passport. They include a biometric identifier. It also has a unique identification number and digital signature as a protective measure. 

The flaw discovered by researchers at the University of Luxembourg allows specific non-authorized equipment to access passport data. 

With the right device, you can scan passports in close vicinity and reidentify previously observed passport holders, keeping track of their movements. This technology has the ability to identify an individual several meters away and then keep track of that passport — meaning they can follow the person everywhere they go, according to dailymail.co.uk.

“As most passports today use the same standard, this security flaw potentially has global impact,” says Dr Ross Horne. In Europe, such a security breach likely violates requirements from the EU data protection framework. Governments have the responsibility to protect individual privacy and to ensure that official documents are bulletproof against such attacks.

The team of researchers outlined several approaches for restoring privacy protection, based on the assumption that the manufacturers of e-passport readers must take responsibility for ensuring privacy protection of passport holders, as reported eurekalert.org.