Fears have been expressed in a dramatic way regarding ePassport security.
With the following elements, Gemalto would like to clarify what ePassports are, how they operate, why they are more secure, and how they enhance border control while protecting citizens' privacy.
A Dutch researcher, Jeroen van Beek, recently claimed he broke ePassport security. It is not the first time claims of this type have been made.
This time, the researcher claims he was able to change the information within an ePassport (for example, substitute the image with a different one, such as one of Osama bin Laden). He claims the resulting ePassport was then read on a Golden Reader, which he claims corresponds to the readers used at border control. He claims that the UK does not have the adequate verification keys to verify ePassports' authenticity and integrity.
The Dutch researcher omitted a major step in his process: actually verifying the forged ePassport. The Golden Reader is a test tool for checking technical reading interoperability and does not perform the actual country signature verification. The researcher's forged ePassport was not genuinely signed (using a so-called country signature): it is like a letter with a wrong signature.
Regarding access to the signature verification keys, countries can use a centralized directory (PKD) or exchange keys with other countries via bilateral agreements. Whichever solution is chosen, authorities will perform electronic checks only on the ePassports for which they have the key. For the others, they will rely on the traditional visual check of the physical document.
No, there is no threat.