The Home Office has always argued that faked chips would be spotted at border checkpoints because they would not match key codes when checked against an international data-base. But only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it. Britain is a member but will not use the directory before next year. Even then, the system will be fully secure only if every e-passport country has joined.[From ‘Fakeproof’ e-passport is cloned in minutes – Times Online]
Nearly right. It’s digital signatures that “would not match” and the international database contains the public keys that allow you to check the signatures. I doubt it’s much of a threat to be honest, because you’d have to forge the paper part of the passport to match the cloned chip, and that strikes me as a little harder. The only people who read the chips, or at least attempt to read the chips, are immigration officers. My bank doesn’t have any readers, nor does my airline and nor does Eurostar or anyone else. Anyway, as the journalist points out, digital signatures are pretty useless if no-one implements them. I’m not sure why it’s in the new today, since it’s a recycling of a story that’s a couple of years old
A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.[From Hackers Clone E-Passports]
It may be a symptom of a general collapse in public trust of any kind of government IT rather than a specific reflection on anything to do with e-passports.