Biometric passport security under fire again

Electronic passports might eventually be replaced by the government's planned ID cards

A German security programmer has demonstrated more flaws in the computer chips used in electronic passports. Last year Lukas Grunwald shocked many when he demonstrated how easily biometric passport chips can be cloned.

Now Grunwald says the security could feasibly be hacked so that the RFID readers in airports would allow expired or even forged passports through. He's been able to alter the data on the passport chips to the extent that they crashed RFID readers made by two different manufactures. Grunwald says that this vulnerability could be exploited to bypass the chip security altogether.

"If you're able to crash something you are most likely able to exploit it," he told Wired .

Electronic passport security flaws

The chips work by storing an encrypted JPEG2000 image of the passport holder. The RFID reader scans the chip, and compares the image to the holder's own face to make sure that the right person is using the passport.

But Grunwald has already demonstrated how he can hack into the chip and modify the image data. It is this that crashes the readers when they scan the chip.

He predicted that most of the vendors are using off-the-shelf software libraries for decoding the JPEG2000 images on passports. This means that a 'one hack fits all' approach would probably defeat any airport in the world.

James Rivington

James was part of the TechRadar editorial team for eight years up until 2015 and now works in a senior position for TR's parent company Future. An experienced Content Director with a demonstrated history of working in the media production industry. Skilled in Search Engine Optimization (SEO), E-commerce Optimization, Journalism, Digital Marketing, and Social Media. James can do it all.