E-passports not verified by customs

Next story

Two US senators have highlighted a glaring security lapse in e-passports.

It was revealed this week that US Customs and Border Protection (CBP) have never used the anti-forgery security measures implemented in US e-passports.

The CBP have apparently been aware of this lapse since 2010 but still don’t possess the tech needed to authenticate the data present in the e-passports.

Mark James, ESET IT Security Specialist, highlights the danger with not being able to authenticate this kind of data.

“Anything with an electronic chip can be hacked. It’s possible to change the data to what you need, then change or adapt the security to cover your tracks.

“Of course with things like passports you would need to change the physical side of the passport as well but that’s been doable for a number of years.

“As we strive to have so much stored and accessible in the digital universe we have to ensure the security of said data is also of the highest degree.

“One of the biggest problems is the perceived security of electronic identification; we often have an elevated trust relationship with “official” security over paper proof.

“One of the biggest problems is ensuring all entities capable of reading RFID data also have the relevant security levels to ensure it’s correct and untampered with, something that’s a lot easier said than done.”

Have you ever been a victim of identity theft? Let us know on Twitter @ESETUK.