Hackers clone Elvis's passport

Dutch hackers have demonstrated a tool that allows the alteration of details stored on RFID-protected passports

Matthew Sparkes
1 Oct 2008

Hackers have released source code that allows the "backup" of RFID-protected passports, although the tool can potentially be used to create fake or cloned documents.

The Hacker's Choice, a non-commercial group of computer security experts, has released a video showing a cloned passport being approved by a security scanner at a Dutch airport. When the reader scans the passport it is revealed to belong to one Elvis Aaron Presley, complete with picture.

A blog post on the site explains that the "attack makes it possible to copy, forge and modify the data so that it is still accepted as a genuine valid passport by the terminal."

However, the scanner is not the same type used at actual border controls, so it is unclear whether this tool could actually be used to fool passport control security checks.

Strangely, for a group of computer experts, their proposed solution to the vulnerability is to avoid computers altogether.

"We know that humans are good at border control. In the end they protected us well for the last 120 years. We also know that humans are good at pattern matching and image recognition. Humans also do an excellent job 'assessing' the person and not just the passport. Take the human part away and passport security falls apart," says the blog post, signed off from The Ministry Of Truth.

"Never let a computer do a job that can be done by a human."

This is not the first time that the security of RFID passports has been called into question. As early as 2006 researchers at the Black Hat conference demonstrated RFID chip cloning.

Last year it was revealed that RFID chips only have a two year warranty, despite being issued in documents designed to last for ten years. The Government has nevertheless said that it is "very confident" that the chips will last for five times their warranty period.

Other RFID-based systems have also come under attack, such as the Oyster card system used on the London Underground. Dutch hackers were able to alter the information stored on the card in order to gain a day's free travel.

Top 5 stories on PC Pro

1. Apple drops iPhone NDA

2. Men prefer net to wife and kids

3. Online bank fraud soars in the UK

4. Ballmer: Windows Cloud to be unveiled within weeks

5. Microsoft offers more search bribes

Read more about: