Face and fingerprints swiped in Dutch biometric passport crack
PrintChip skimmed, then security breached
Posted in Music and Media, 30th January 2006 12:38 GMT
Free whitepaper – PowerEdge M-Series blades I/O guide
Dutch TV programme Nieuwslicht (Newslight) is claiming that the security of the Dutch biometric passport has already been cracked. As the programme reports here, the passport was read remotely and then the security cracked using flaws built into the system, whereupon all of the biometric data could be read.
The crack is attributed to Delft smartcard security specialist Riscure, which here explains that an attack can be executed from around 10 metres and the security broken, revealing date of birth, facial image and fingerprint, in around two hours. Riscure notes that that the speed of the crack is aided by the Dutch passport numbering scheme being sequential.
The process is explained in greater detail by Bart Jacobs, Research Director of the Institute for Computing and Information Sciences, University of Nijmegen, in presentations to be found here. These make it clear that a skimming exercise could potentially yield all biometric data from a passport (or indeed a biometric ID card), giving ID thieves and would-be forgers a considerable leg up in the construction of fakes.
According to the Dutch Interior Ministry ways to improve the security of the passport are being looked at. But note that they say "improve", not "fix". (Thanks to Robin for the tip) ®
The Register Agile Data Center Summit
Managing desktop software for fun and profit
Analyst Keynote: The Register Agile Data Center Summit
Dirty, dirty PCs: The X-rated picture guide
Top 500 supers - rise of the Linux quad-cores
Early adopters bloodied by Ubuntu's Karmic Koala
Sign up, sign up for The Register IT security newsletter