"The whole passport design is totally brain damaged," said Lukas Grunwald. "From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all."
Because encrypting the data on the e-passport's RFID chip would involve building a complicated infrastructure, countries have opted not to do so, but "if you can read the data, you can clone the data and put it in a new tag," Grunwald said.
Grunwald's ability to clone the e-passports has added to controversy already stirred up by their potential to invade privacy and their similarity to the methods of Big Brother of "1984" fame.
"Either this guy is incredible or this technology is unbelievably stupid," said Gus Hosein, a senior fellow at Privacy International, which officially stands in opposition of the e-passport technology. "I think it's a combination of the two."
"Is this what the best and the brightest of the world could come up with? Or is this what happens when you do policy laundering and you get a bunch of bureaucrats making decisions about technologies they don't understand?"
By spending time reading e-passport standards posted on the U.N.'s International Civil Aviation Organization website, Grunwald said he figured out how to clone the chips in about two weeks. Since all countries' e-passports would be designed using the same ICAO standard, Grunwald says his cloning method would work regardless of country of origin, although he admits the cryptographic hashes used to authenticate data mean people cannot inconspicuously change things like birth date or names on the chips.
Even so, through the cloning process, a known terrorist could carry a passport with his real name and photo, equipped with a cloned RFID chip that identifies someone else. This means that while any human screening the passports would be able to identify the person from his physical passport, a fully electronic system would check the wrong name. Grunwald said that, luckily, the machine-readable OCR at the bottom of the passport would still fail to match the RFID data.
Frank Moss, deputy assistant secretary of state for passport services at the State Department, said that the United States does not intend to use a totally electronic passport-inspection system. However, other countries such as Australia are considering completely automating the process.
According to Moss, Grunwald's accomplishment is no surprise. He said that the e-passport's designers have known about the issue for some time, and added that things like the digital photograph of the passport holder -- embedded in the data page -- could still prevent someone from entering countries through use of a forged or modified e-passport.
"What (Grunwald) has done is neither unexpected nor really all that remarkable," Moss said. "The chip is not in and of itself a silver bullet ... It's an additional means of verifying that the person who is carrying the passport is the person to whom that passport was issued by the relevant government."
Grunwald noted, however, that false identification was not the only danger from cloning e-passports. Someone could introduce malicious code to border-screening computers through the RFID tag or write corrupt data to it, which could crash an electronic inspection system not pre-protected from such an attack.
"I want to say to people that if you're using RFID passports, then please make it secure," Grunwald said. "This is in your own interest and it's also in my interest. If you think about cyberterrorists and nasty, black-hat type of guys, it's a high risk ... From my point of view, it should not be possible to clone the passport at all."
###