Security flaws have emerged in new micro-chipped passports that were introduced to protect against terrorism and organised crime.

In tests that The Times was privy to, Jeroen van Beek, a computer researcher at the University of Amsterdam, took less than an hour to clone the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. These were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports.

Building on research from the UK, Germany and New Zealand, van Beek has developed a method of reading, cloning and altering microchips so that the Golden Reader, the standard software used by the International Civil

Aviation Organisation to test them, accepts them as genuine. It is also the software recommended for use at airports.

The micro-chipped passports contain a tiny radio frequency chip and antenna attached to the inside back page. A special electronic reader sends out an encrypted signal and the chip responds by sending back the holder’s ID and biometric details.

The tests suggest that if the microchips are vulnerable to cloning then bogus biometrics could be inserted in fake or blank passports. The flaws also undermine Home Office claims that the 3,000 blank passports that were stolen last week were worthless, as they could not be forged.

The Home Office has always argued that faked chips can be spotted at border checkpoints because they would not match key codes when checked against an international database. But only 10 of the 45 countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it.

... contd.