Statement on ePassport Security

August 7, 2007

A recent news story prompted by a German researcher's work has raised questions in the media about the security of RF-enabled smart card technology in ePassports. The Smart Card Alliance wants to assure its members and the public that, based on these reports, nothing that was demonstrated presents any credible threat to ePassport security. Specifically, the research failed to demonstrate conclusively anything that would allow criminals to successfully alter and then fraudulently use ePassports. Based on a thorough understanding of the layered security features in ePassports, this latest threat scenario does not affect the strong security of smart card-enabled passports.

Last year this same researcher stated that cloning of ePassports presented a major security risk, a claim that was widely reported by the media; however, after evaluation by smart card industry experts and the ePassport authorities, the research was ultimately dismissed as not showing any serious security threat.

The Smart Card Alliance has created this statement to inform the industry about this story and to comment on what is known to be true to the best of our knowledge.

The new report states that the researcher copied data from a passport chip into another chip. The cloned information in the second device was later manipulated with malicious code, and when the duplicate device was placed on a biometric passport reader, it caused the reader to fail. This test was done on a demonstration reader at a trade show, not in a government-installed location. The researcher went on to speculate that such a failure might change the way the reader would react to a legitimate passport or one that is expired or altered, although he did not actually demonstrate this.

It is important to know that copying information from one ePassport chip to another is roughly equivalent security-wise to making a photocopy of the passport’s data page, and is not a security compromise. The security instead derives from the fact that the digital passport information is all sealed together and signed digitally, so any changes or forgeries would be evident to passport control. A successful attack would involve altering the data inside the chip, creating an authentic new “seal” and then having it accepted by a production ePassport terminal. None of this was demonstrated.
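
The point above, that a verbatim copy still verifies while any alteration breaks the seal, can be shown with a short added example. This code is not from the Smart Card Alliance or from any ePassport specification: the data group names, the sample bytes and the toy unpadded RSA key built from two Mersenne primes are assumptions, standing in for the standardized signature scheme a real issuing authority uses.

```python
import hashlib

# Constructed toy issuer key (assumption): two Mersenne primes, unpadded RSA.
# Chosen only so the example runs offline; not how a real authority signs.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the issuer

def seal_digest(data_groups):
    """Hash every data group, then hash the ordered list of those hashes."""
    outer = hashlib.sha256()
    for name in sorted(data_groups):
        outer.update(name.encode() + b":" + hashlib.sha256(data_groups[name]).digest())
    return int.from_bytes(outer.digest(), "big")

def issue(data_groups):
    """Issuer: seal the data by signing its digest with the private key."""
    return {"data": dict(data_groups), "seal": pow(seal_digest(data_groups), D, N)}

def inspect(chip):
    """Terminal: recompute the digest and compare it with the signed value."""
    return pow(chip["seal"], E, N) == seal_digest(chip["data"])

def clone(chip):
    """Bit-for-bit copy onto a second chip: same data, same seal."""
    return {"data": dict(chip["data"]), "seal": chip["seal"]}

def alter(chip, name, value):
    """Copy with one data group changed; the old seal is all the copier has."""
    changed = clone(chip)
    changed["data"][name] = value
    return changed

def demo():
    # Constructed sample contents, not real passport data.
    genuine = issue({"DG1": b"P<UTOEXAMPLE<<HOLDER", "DG2": b"<face image bytes>"})
    return (inspect(genuine),
            inspect(clone(genuine)),
            inspect(alter(genuine, "DG2", b"<different face>")))

if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The clone passing inspection is the "photocopy" case: it carries exactly the data the issuer signed, so the copy presents nothing the original did not.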

It should be expected that the chip security in passports and other identity credentials will continue to be a subject for hackers looking to uncover vulnerabilities. These types of attacks have been the normal course of business in the smart card industry for many years. Many of the security features in place today are the result of such efforts, and researching these attacks and responding to real threats should always be viewed as part of strengthening our technology and the solutions it is applied to.

The Smart Card Alliance is interested in all potential security issues that are brought to its attention and is committed to making the security and privacy of individuals its number one concern. We will keep the industry informed of any future developments regarding ePassports and other uses of the technology. We welcome input and invite questions about this and other matters involving digital security.

Copyright © 1997–2008 Smart Card Alliance. All Rights Reserved.
http://www.smartcardalliance.org