
US border havent properly verified visitor passports for more than a decade - kiyanwang
http://www.zdnet.com/article/us-border-officials-havent-been-properly-verifying-visitor-passports-for-over-a-decade/
======
blensor
That's somehow funny. I was involved in a project for standardizing automated
border control in Europe. We developed a document simulator [1] that could
mimic most security features of physical passports, but faking the electronic
part always seemed infeasible because of the electronic signatures involved.

We knew that the distribution of certificates from all countries involved was
still an open issue, meaning most readers had an option to simply ignore the
signature at all.

But knowing that even the CBP does not bother to check the signatures, would
have given all our arguments about the security risks involved an instant
credibility boost.

In the most simplest form the thing we implemented was an android app that you
could upload any passport to (several images in different spectral ranges) and
the smartphone when placed on the scanner would show the scanner whatever it
expected (this obviously only work on self-service terminals).

[1]
[http://ieeexplore.ieee.org/document/6975597/](http://ieeexplore.ieee.org/document/6975597/)

~~~
blensor
Here is a short presentation on security of automated border checks
[http://btn.frontex.europa.eu/system/files/private/events/ple...](http://btn.frontex.europa.eu/system/files/private/events/plenary_session_ii_-
_kriechbaum_2.pdf)

