Ethical Hackers pass Amsterdam’s Schiphol airport Biometric Security using a Hacked Passport with the details of a dead man.

Elvis Presley

Advertisements

Biometric passports are a brilliant idea, just ask the Americans.

uh, maybe not !

Since 2007, the U.S. State Department has been issuing high-tech “e-passports,” which contain computer chips carrying biometric data to prevent forgery. Unfortunately, according to a March report from the Government Accountability Office (GAO), getting one of these supersecure passports under false pretenses isn’t particularly difficult for anyone with even basic forgery skills.

A GAO investigator managed to obtain four genuine U.S. passports using fake names and fraudulent documents. In one case, he used the Social Security number of a man who had died in 1965. In another, he used the Social Security number of a fictitious 5-year-old child created for a previous investigation, along with an ID showing that he was 53 years old. The investigator then used one of the fake passports to buy a plane ticket, obtain a boarding pass, and make it through a security checkpoint at a major U.S. airport. (When presented with the results of the GAO investigation, the State Department agreed that there was a “major vulnerability” in the passport issuance process and agreed to study the matter.)

More than 70 countries have adopted the biometric passports, which officials describe as a revolution in immigration security. However, the GAO’s investigation proves that even the best technology can’t keep a country safe when the bureaucracy behind it fails.

Thats the relevant point up there. The red one. Biometrics are seen as a panacea by government and business leaders without understanding the requirement for complex process to support them. This, supported with a blind resolution that they cannot be bypassed, is why they will fail.

Every Time.

Biometrics go up to 11 !

December 8, 2009

(Copied blatantly from http://www.theRegister.co.uk, mainly for the spinal tap reference !)

The Israeli Knesset has voted in favour of a bill for a compulsory biometric database of all citizens.

The Biometrics Database Law passed the Knesset 40 votes in favour to 11 against.

A big row over privacy forced the bill back to the drawing board. This led to the idea of a two-year trial rather than a full-blown introduction. Three months before the end of that period ministers will decide to adopt or ditch the technology.

For the first two years the scheme is voluntary. After that all citizens wanting an identification document will have their fingerprints taken along with a picture of their face. Electronic ID cards will contain a chip carrying two fingerprints (These Two ? ) and a digital picture.

Ex-interior minister Meir Sheetrit insisted the database would be safe “as any banking site” and the cards impossible to forge.

Sounding a bit Spinal Tap, he said: “If the databases of the Mossad, the Shin Bet and the Prime Minister’s Office are currently protected at a level of 10, then this one will be protected at a level of 11.”

This is Brilliant !

December 8, 2009

Japanese police have arrested a Chinese woman whom they claim had her fingerprints removed from the fingertips of each hand and swapped to the other side in order to fool immigration controls.

Link

ID Cards – Food for Thought

November 19, 2009

In May 2005 Atos Origin carried out a Biometrics Enrollment trial on behalf of the UK Passport Service. There were 10,000 participants.

The goal  was to test the processes and record customer experience and attitude during the recording and verification of facial, iris and fingerprint biometrics.

The following statistics were recorded in that trial:

  • “The average times for Quota participants were 39 seconds for facial verification, 58 seconds for iris verification and 1min 13 seconds for fingerprint verification.”

About a minute to scan for verification. It might not seem much but if these are viewed against, say,  a Boeing 747 with 400 passengers arriving at a UK airport. Verification against Biometic ID card data would take approximately 7 Hours to pass though security Verification !

And that does not even reference the Verification Failure rates:-

  • Iris – 96% Success Rate
  • Fingerprints – 81% Success Rate
  • Facial Verification – 69% Success Rate (Falling to 48% for disabled participants)

Thats not a Typo, the failure rate for facial recognition was 31-52% !

At the trial in Manchester airport (Yes, if your not aware, the UK government is trialing Facial recognition in the UK) the failure rate was so high they had to recalibrate the scanner  to be less sensitive to reduce the delays caused by constant rescanning.

To pass you now need only a 30% likeness to the Biometric data!

At 30% the machines can not tell the difference between Osama bin Laden and Winona Ryder. Gordon Brown is indistinguishable from Mel Gibson.

 

Now that really is food for thought….

 

Link to report – http://dematerialisedid.com/PDFs/UKPSBiometrics_Enrolment_Trial_Report.pdf