De La Rue, the company that prints the British passports and banknotes, has announced it is hoping to create new digital passports that can be used at immigration, reports the Daily Mail. IT security experts from Proofpoint, ESET and Tenable discuss the security issues of this plan:
David Jevans, VP of Mobile Security at Proofpoint:
“Digital passports on your phone will require new hardware on the device in order to securely store the electronic passport so it cannot be copied from the phone. It will also have to be communicated wirelessly to passport readers, because doing it onscreen like an airline ticket QR code can be copied or spoofed.
A big problem is what to do when your phone is lost or stolen. This happens far more often than losing a traditional passport. A related challenge is how to deal with replacing your phone with an upgrade, and the issue of trading in your used phone or selling it.
These are significant operational challenges that will need to be solved at a large scale. A final hurdle is that until all countries that you travel to accept the phone-based passport, you will still need to carry your paper passport.”
Mark James, Security Specialist at ESET:
“As with all transitions from physical to digital, security is of paramount importance. The idea of having your identity stolen is a real concern and rightly so. Passports have always been the definitive means to identify us, holding not only visual likeness but also the capabilities of storing digital information in the background. The idea of going to a full digital option will certainly ring some alarm bells for many but I think it’s a natural progression and with the right security measures in place could be the answer.
The question is of course how secure will this data be? With so much of our daily lives being stored in the cloud how much of a problem is it that one more item joins it? Our phones have become so much more than a voice communication device; it’s now possible to link them to your finance systems. The ability to pay for many things with biometric authentication or store your boarding pass for airline flights leads the way to other services being available. One of the other big problems of course will be the uptake of who will accept what forms of passports within different countries; unless it’s a global acceptance it will get no further than headlines in our daily news.”
Gavin Millard, Technical Director EMEA, Tenable Network Security:
“Most European countries have been using digital chips embedded in traditional passports for ten years with little or no impact to security, but with the introduction of a passport being associated with an internet connected device, the threat model changes significantly. With the recent launch of Apple Pay and Google Wallet, proving that mobile devices can be used securely for transactions though, the obvious next step in the evolution of everything digital is the paperless passport.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.