With a biometric passport in hand, a traveler was approved and slipped through a self-serve passport machine. A supposedly matched picture flitted across the screen showing none other than Elvis Presley. According to cnn.com, by using an altered biometric chip at Amsterdam’s Schiphol airport in September 2008, Adam Laurie and Jeroen Van Beek were able to clear a passport through an automated scanning system under the name of rock-and-roll king of late, Elvis Presley.
Thankfully, however, Laurie and Van Beek call themselves “ethical hackers” and performed this procedure only to prove a point. But that is not to say that hackers of their same caliber are not at work. This “ethical hacking” research has been underway in various stages since 2008 with the goal of demonstrating just how easily a real hacker can slip by unnoticed.
Laurie and Van Beek experiment with the biometric passports standard throughout the U.S. and Europe along with many other countries. These passports contain data including fingerprint and eye scans and digital photos embedded on an attached clip.
According to Laurie and Van Beek, the weakness of biometric passports lies mostly in the process of each country verifying security signatures. As long as the hacker produces fake biometrics signed off by a country besides the one they hope to enter, the process can be accomplished for a mere $100 dollar off the shelf equipment investment.
In their Elvis Presley example, Laurie and Van Beek actually created fake security signatures for a non-existent country. They say the problem is that there is no international system that distributes and shares the various security signatures from other countries.
They also relate that borders may be weakening because of over inflated trust in automated scanning. By corresponding fake photos and chips, a hacker can successfully rig the system.
While Northwestern students may not be looking to pass for Elvis Presley or become world-class hackers, many are hoping to travel overseas during spring break.
Sophia Landis, a freshman member of the choir, had to obtain a passport recently in order to travel throughout Europe during the spring break tour. Landis recalled her January experience of filling out registration forms, taking headshots and going to the courthouse for more forms, fees and photos.
By the end of the process, Landis had provided her driver’s license and voter registration to verify her permanent address, her birth certificate and social security card to prove her citizenship, two identical photos and several signatures, including her own.
Despite the many steps in the verification process, however, fraud still occurs. Landis pointed out, “I thought the verification process was pretty average. I think there could have been more security, like if I had brought in all my sister’s information, no one probably would have known.”
On the other hand, freshman Erica Bauserman, another NW student traveling through Europe over spring break, felt the process was very “thorough.” Having received her passport in the summer of 2009, Bauserman remembered, “the paper asked me a lot of questions,” yet she said she “felt the process was reasonable.” Having completed the verification process and feeling prepared for travel, Bauserman feels confident that “it was a process that prevented fraud.”
While student’s sentiments toward the reliability of the system may vary as they head into spring break, most anyone can relate with Landis’ statement: “As far as people using Elvis’ information, that’s really scary that it worked.”