In association with heise online

04 May 2009, 14:14

Shaky security of Swiss biometric passports

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A test report by the Swiss supervisory authority for communications (Bundesamt für Kommunikation (Bakom) says the Swiss E-Pass reader system is not proof against interception. Bakom experts evidently managed to intercept data transmitted by an E-Pass chip to two readers under test. The Swiss Tages-Anzeiger reports today (Monday) that Bakom, in an as yet unpublished test report, lists "several security flaws". The system is now to be modified at Bakom's recommendation.

According to the report, Bakom's testers were able to snoop remotely on the reading process using a simple receiver. The conclusion of Bakom is reported to be that, under "ideal conditions", this could be done from a distance of up to 25 metres. The data stream thus obtained could be stored and further processed offline. Worse than that, it is said that such reader systems can also route data over the mains supply system "unintentionally", allowing them to be picked up from much greater distances – more than 500 metres away.

The Swiss Federal Office of Police (Fedpol), which commissioned the investigation, emphasised that the intercepted data were still encrypted, reports the Tages-Anzeiger, but wanted to draw the consequences all the same and, on Bakom's recommendation, want the readers to be retrofitted with filters that would make it more difficult to eavesdrop on the data by means of radio or via the mains system.

Since 2006, under a pilot project, passports fitted with a chip storing biometric characteristics of the holder have been issued in Switzerland on a voluntary basis. Following Switzerland's accession to the Schengen Agreement at the turn of the year, the plan is for all Swiss citizens to be issued with a new E-Pass in future. But the citizens will have the last word on this; In a referendum on 17 May, Swiss voters will decide whether the obligatory introduction of this personal document goes ahead.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit