Seit 2005, all newly issued passports contain a small chip that stores biometric data from its owner. As the Chaos Computer Club (CCC) now writes, since the beginning of April, European border authorities have been reading these data for the first time from the "ePass" and are balancing them against central databases. The storage of biometric data is therefore an old hat, so the CCC is about the new adjustment. What do the hackers have since a problem?
"Treat all travelers like criminals"
The digital copies of two fingerprints and the photo in the ePass should allow for a secure identification. For the citizen, this has advantages: in the case of controls, for example, the card is read quickly, a camera captures the face of the traveler and a computer immediately matches the stored photo - go on, done! There were no disadvantages for data protection: Until now, these data were only stored in the identity card, and the Bundesdruckerei is said to have destroyed all the biometrics received after the identification of the card. Criminals are losing this right of citizenship, of course: their biometric data has always been stored in central databases. What is new now is that at the external borders of the European Union, the so-called Schengen area, The biometric data are read out and compared against central databases. For the CCC, this is a paradigm shift: "A recording of the personal biometric features is equivalent to an automatic recognition service at every border crossing. In the future, all travelers will be treated simply as criminals - regardless of whether they are EU citizens or not. "
Today without biometrics: passport "well done"
For the CCC, there is only one way to "evade this illegal investigation as an unscrupulous citizen": the deactivation of the microchip in ePass. To this the hackers have published a short video. This shows how an ePass is transformed into a purely analogous identification document with the help of an induction heating plate: The electromagnetic pulses that emit induction fires when no pot rests destroy the sensitive RFID chip without visibly damaging the identity card. A small catch of the method: The identification, which still remains valid according to the CCC, can only be controlled "traditionally" by people in the future, and there is no longer any speeding up at the EU's external borders, and manipulation of official ID documents is forbidden And thus punishable.