{"id":7658,"date":"2019-09-25T13:21:41","date_gmt":"2019-09-25T13:21:41","guid":{"rendered":"https:\/\/website.prod.unilu.spikeseed.cloud\/en\/news\/researchers-uncover-privacy-flaw-in-e-passports\/"},"modified":"2019-09-25T13:21:41","modified_gmt":"2019-09-25T13:21:41","slug":"researchers-uncover-privacy-flaw-in-e-passports","status":"publish","type":"news","link":"https:\/\/www.uni.lu\/en\/news\/researchers-uncover-privacy-flaw-in-e-passports\/","title":{"rendered":"Researchers uncover privacy flaw in e-passports"},"content":{"rendered":"<section class=\"wp-block-unilux-blocks-free-section section\"><div class=\"container xl:max-w-screen-xl\"><p>ESORICS 2019 Conference: Researchers at the University of Luxembourg have discovered a flaw in the security standard used in biometric passports (e-passports) worldwide since 2004. This standard, <i>ICAO 9303,<\/i> allows e-passport readers at airports to scan the chip inside a passport and identify the holder.<\/p><p>Most passports today use the standard <i>ICAO 9303<\/i>, which is issued by the International Civil Aviation Organization (ICAO). The standard is designed to ensure that the privacy and unlinkability of the passport holder are protected to the highest degree. Unlinkability ensures that an attacker cannot distinguish whether two elements are closely related.<\/p><p><a href=\"https:\/\/satoss.uni.lu\/members\/ross\/\" target=\"_blank\" title=\"\" rel=\"noopener\">Dr Ross Horne<\/a>, <a href=\"http:\/\/satoss.uni.lu\/members\/sjouke\/\" target=\"_blank\" title=\"\" rel=\"noopener\">Prof. Sjouke Mauw<\/a>, PhD candidate Zach Smith and Master's student Ihor Filimonov tested the standard. They discovered a flaw which allows specific non-authorised equipment to access passport data. \u201cWith the right device, you can scan passports in close vicinity and reidentify previously observed passport holders, keeping track of their movements\u201d, Dr Horne explains. 
\u201cThus, passport holders are not protected against having their movements traced by an unauthorised observer.\u201d<\/p>\n<h3 class=\"has-text-align-left wp-block-unilux-blocks-heading\"        id=\"limits-and-implications-of-the-flaw\"\n    >\nLimits and implications of the flaw<\/h3>\n<p>An unauthorised device scanning a passport within several meters can identify and keep track of that passport, even though it cannot read the passport. Thus, the privacy of the passport holder is vulnerable to potential attacks, even though the flaw does not allow attackers to read all information from a given passport or to compromise biometric information stored in a chip inside the passport.<\/p><p>\u201cAs most passports today use the same standard, this security flaw potentially has global impact,\u201d continues Dr Horne. In Europe, such a security breach likely violates requirements from the EU data protection framework. Governments have the responsibility to protect individual privacy and to ensure that official documents are bulletproof against such attacks.<\/p><p>The team of researchers shared their test results with ICAO in June 2019. They also outlined several approaches for restoring privacy protection, based on the assumption that the manufacturers of e-passport readers must take responsibility for ensuring privacy protection of passport holders.<\/p><p>The results of the study \u201cBreaking Unlinkability of the ICAO 9303 Standard for e-Passports Using Bisimilarity\u201d were presented on Tuesday 24 September at ESORICS 2019, a high-level systems security conference in Europe. 
The 24th edition of ESORICS is organised by the <a href=\"https:\/\/wwwen.uni.lu\/snt\" target=\"_self\" title=\"\" rel=\"noopener\">Interdisciplinary Centre for Security, Reliability and Trust (SnT)<\/a> at the University of Luxembourg, from 23 to 27 September.<\/p><\/div><\/section>","protected":false},"excerpt":{"rendered":"<p>ESORICS 2019 Conference: Researchers at the University of Luxembourg have discovered a flaw in the security standard used in biometric passports (e-passports) worldwide since 2004. This standard, ICAO 9303, allows e-passport readers at airports to scan the chip inside a passport and identify the holder.<\/p>\n","protected":false},"author":0,"featured_media":7659,"template":"","format":"standard","meta":{"featured_image_focal_point":[],"show_featured_caption":false,"ulux_newsletter_groups":"","uluxPostTitle":"","uluxPrePostTitle":"","_trash_the_other_posts":false,"_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false},"news-category":[11,10],"news-topic":[],"organisation":[32,191,233],"authorship":[],"acf":[],"blog_id":9,"_links":{"self":[{"href":"https:\/\/www.uni.lu\/en\/wp-json\/wp\/v2\/news\/7658"}],"collection":[{"href":"https:\/\/www.uni.lu\/en\/wp-json\/wp\/v2\/news"}],"about":[{"href":"https:\/\/www.uni.lu\/en\/wp-json\/wp\/v2\/types\/news"}],"version-history":[{"count":0,"href":"https:\/\/www.uni.lu\/en\/wp-json\/wp\/v2\/news\/7658\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.uni.lu\/en\/wp-json\/wp\/v2\/media\/7659"}],"wp:attachment":[{"href":"https:\/\/www.uni.lu\/en\/wp-json\/wp\/v2\/media?parent=7658"}],"wp:term":[{"taxonomy":"news-category","embeddable":true,"href":"https:\/\/www.uni.lu\/en\/wp-json\/wp\/v2\/news-category?post=7658"},{"taxonomy":"news-topic","embeddable":true,"href":"https:\/\/www.uni.lu\/en\/wp-json\/wp\/v2\/news-topic?post=7658"},{"taxonomy":"organisation","embeddable":true,"href":"https:\/\/www.uni.lu\/en\/wp-json\/wp\/v2\/organisation?post=7658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}