Feeds

Face and fingerprints swiped in Dutch biometric passport crack

Chip skimmed, then security breached

Designing a Defense for Mobile Applications

Dutch TV programme Nieuwslicht (Newslight) is claiming that the security of the Dutch biometric passport has already been cracked. As the programme reports here, the passport was read remotely and then the security cracked using flaws built into the system, whereupon all of the biometric data could be read.

The crack is attributed to Delft smartcard security specialist Riscure, which here explains that an attack can be executed from around 10 metres and the security broken, revealing date of birth, facial image and fingerprint, in around two hours. Riscure notes that that the speed of the crack is aided by the Dutch passport numbering scheme being sequential.

The process is explained in greater detail by Bart Jacobs, Research Director of the Institute for Computing and Information Sciences, University of Nijmegen, in presentations to be found here. These make it clear that a skimming exercise could potentially yield all biometric data from a passport (or indeed a biometric ID card), giving ID thieves and would-be forgers a considerable leg up in the construction of fakes.

According to the Dutch Interior Ministry ways to improve the security of the passport are being looked at. But note that they say "improve", not "fix". (Thanks to Robin for the tip) ®

Using blade systems to cut costs and sharpen efficiencies

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple ran off to IBM
But never fear fanbois, you're still lapping up iPhones, Macs
Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
Phone egg, meet desktop chicken - your mother
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
Grim diversity numbers dumped alongside Facebook earnings
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.