They are the “safest ever”, according to the Government. But the Daily Mail reveals today how easily a person’s identity can be stolen from new biometric passports.
A shocking security gap allows the personal details and photograph in any electronic passport to be copied from the outside of the envelope in which it is delivered to homes.
The passport holder is none the wiser when it arrives because the white envelope has not been tampered with or opened.
Using a simple gadget built from parts bought on the Internet, it took the Mail less than four hours to copy the details from one passport.
It had been delivered in the normal way by national courier company Secure Mail Services to a young woman in Islington, North London.
With her permission we took away the envelope containing her passport and never opened it.
By the end of the afternoon, we had stolen enough information from the passport’s electronic chip – including the woman’s photograph – to be able to clone an identical document if we had wished.
More significantly, we had the details which would allow a fraudster, people trafficker or illegal immigrant to set up a new life in Britain.
The criminal could open a bank account, claim state benefits and undertake a myriad financial and legal transactions in someone else’s name.
This revelation will prove a major embarrassment to ministers. Since their introduction a year ago, more than four million biometric travel documents have been delivered by courier.
And I have no sympathy for any of them.
All of them were warned well in advance about the dangers of these passports, and yet, they all lined up for them like sheep.
The Government believes this is the safest way of sending out passports. But this may be an illusion.
It is an illusion, and you have just proved it!
Each of these passports is now an ID transmitter that silently puts your information out there to whoever wants it.
The passports are dispatched in white envelopes which are easily recognisable from the distinctive lettering and figures on the outside.
This is not the worst of it. Anyone carrying one of these ID transmitting passports around can have their information snarfed as they walk down the street. A smart snarfler will put antennae near the entrances of banks (or anywhere else that people regularly show their passports) and then sit back and watch the data roll in. They will not even have to be there. All they need to do is set up a system that phones home when it collects a batch of passports. Cheap laptops in a small box could do it with ease.
There is no identity check on the person signing for the passport when it arrives. In multi-occupancy flats they can be handed to anyone at the address. Thousands have already gone missing.
That is irrelevant, since the data can be snarfed in transit or no matter where it is, whether the right person receives it or not.
We began our investigation by asking Elizabeth Wood, a 33-year-old web designer, to apply for a new biometric passport.
She telephoned the Identity and Passport Service on Monday, February 12.
Because she wanted the passport quickly, she was asked to go to the IPS office in Victoria, Central London, the following afternoon.
If she had not requested the fasttrack service, the passport would normally have been sent out without a face-to-face interview.
And now we have the sneaky advocation for the interrogation centres that HMG is setting up.
The next day Miss Wood met an official for ten minutes. The details on her application form were verified using two forms of ID – normally a household bill and a bank statement. Her photograph was also examined.
Miss Wood paid £91 for the fasttrack delivery and was told her passport would be sent to her home by secure courier in exactly seven days.
That is as it should be. Getting a passport is a RIGHT. It is used only to tell governments of other countries that you are a British Citizen entitled to protections afforded to such people. Far too much weight is given to passports and identity documents like driving licenses.
In fact, it took just four days, arriving when Miss Wood was in the shower. Her boyfriend went to the door and signed for the document. He was able to do so without showing any form of identity to the courier, who did not ask for Miss Wood.
This is also perfectly acceptable. If her passport goes missing, she will report it to the Passport Office and then they will cancel that passport number, meaning that it will become worthless. That is why it is ok for her boyfriend to collect the passport for her. A passport is not some magic book that confers UlTimAte PoWer to its holder. Get a grip you idiots!
But there is another gaping hole in security. At first glance the new biometric passport looks much like the traditional one.
The only clue on the outside of the document that it contains an electronic chip is a small gold square on the front.
Inside the passport there is a laminated page containing the holder’s picture, passport number, name, nationality, sex, signature, date and place of birth and the document’s issue and expiry date.
At the bottom of this page are two lines of printed numbers and letters which can be read by a computer when the passport is swiped through a special machine by immigration officials. It is called the Machine Readable Zone.
On the back of the page is a tiny computer chip, surrounded by a coil of copper-coloured wire. This is a Radio Frequency Identification microchip, which can be read using radio waves.
Encoded on the passport’s RFID chip are three important files. One contains an electronic copy of the printed information on the passport’s photo page; the second holds the electronic image of the holder’s photo. The third is a security device which checks that the previous two files are not accessed and altered.
In order to get into the files, the computer needs an “electronic key”. This is the 24-digit code printed on the bottom line of the passport’s Machine Readable Zone. It is called the “MRZ key number”.
When an immigration official checks the passport by swiping it through his machine, it reveals the key which is then used to open up the electronic data on the microchip.
And this is the error that my system overcomes.
The official checks that the photograph and information printed on the passport match the details on the chip and the holder is allowed to pass in, or out, of the country.
The Government says the biometric chips are protected by “an advanced digital encryption technique”. In other words, without the MRZ key code it is impossible to steal the passport holder’s details if you do not have their travel document.
Yet it took us no time at all to unravel the crucial code, using a relatively simple computer software programme and a scanning device.
There is no extra utility in using RFID in a passport. This is simply vendor pushed garbage. A printed paper cryptographic public key system is far more secure than any RFID system.
The Mail was helped by computer security consultant Adam Laurie, who advises public bodies and private companies on combating IT fraud. He discovered glaring weaknesses in the biometric passport’s security system.
The first flaw is that a hacker can try to access the chip as many times as he likes until he cracks the MRZ code. This is different to putting a pin number into a bank machine, where the security system refuses access after three wrong combinations are entered.
The second is that there are easily identifiable recurring patterns in the MRZ key codes issued. For example, the passport holder’s date of birth always features, as does the passport’s expiry date, which is ten years after the issue date.
These are schoolboy howlers. PGP signed documents do not have this vulnerability. The problem with PGP is that it costs nothing and vendors can’t make a killing out of it.
The Mail is not publishing full details of Miss Wood’s passport to protect her. We know exactly how Mr Laurie cracked the MRZ code but we are not going to reveal the process for security reasons.
Crucially, he only needed one new piece of information – Miss Wood’s date of birth.
In under two hours, the Mail had found this by checking the electoral roll, birth records and looking at genealogical sites on the Internet.
Miss Wood’s photo page soon popped up on Mr Laurie’s laptop screen. He had not needed to see her actual passport – the white envelope containing it remained unopened on the desk.
And RFID passports make all of this much easier.
Crucially, some banks, including the Post Office, no longer require to see a full passport as proof of identity from a new customer opening an account. They ask for a photocopy of the photo page to be sent in the post instead.
This is not crucial. Opening a bank account is simply a service. It’s your money. If you put your money in a shoe box under your bed or in a bank it makes no difference. You should be able to identify yourself by whatever means you like if it is YOUR money in YOUR account. Ahhhh journalists!
Miss Wood’s photo page could easily be copied and used for this purpose. Mr Laurie said: “I used public information and equipment that is legal. The software took me three days to write. It is incredibly easy to thieve data from the passports. It could be put onto another chip and implanted in a blank passport.”
Phil Booth, national co-ordinator of NO2ID, a group pressing the Government to abandon plans for identity cards, witnessed our experiment.
“This shows how easy it is to steal a person’s identity from the new passport without the innocent owner even knowing,” he said.
“The Government has repeatedly said this information is secure. You have just shown that it is not.”
AND SO?
And so, “you should not on any account carry one of these passports. You should not be interrogated in one of the new centres. Period”. THAT IS WHAT YOU NEEDED TO SAY!
Last night a Home Office spokesman said: “We do not believe it would be possible to successfully forge a new passport by doing this.
“The security around the UK passport chip prevents anyone changing or deleting any of the data or information on the chip, which is what is required to successfully forge a passport.”
What they need to demonstrate now is that this too is a lie. But then again, it doesn’t matter how many times you do this sort of exercise; if people are going to line up to get these passports, then there is nothing that you can do about it. Four million have already been issued. It’s bad news.
Americans do not have to be fingerprinted or interrogated to get new passports, which have RFID; people who care are being instructed to use a hammer to destroy the RFID chip. The passport is not invalidated if the chip is broken, so there is no reason for you not to hammer your passport, and roll it back to an acceptable document.
I wonder why they did not issue an instruction to the four million holders of bad UK passports to hammer the chips so that they do not work?
It beggars belief.
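The article's two flaws (unlimited attempts, and a key built from predictable printed fields) come down to how little of the 24-character "MRZ key number" is actually unknown. The following is an added example, not code from the article or from Mr Laurie, that splits such a key into its fields and compares its nominal strength with its strength once the date of birth is known. The field layout and check-digit rule follow ICAO Doc 9303, and the 9-digit numeric document number is an assumption; neither is stated on the page.

```python
import math

# Assumed layout (ICAO 9303 style, not stated on the page): 9-character document
# number, 6-digit date of birth, 6-digit expiry date, each followed by one check
# digit: 9+1+6+1+6+1 = 24 characters.
FIELDS = (("doc_number", 9), ("birth", 6), ("expiry", 6))

def check_digit(field: str) -> int:
    """Weights 7,3,1 repeating; digits as-is, A-Z = 10..35, '<' filler = 0."""
    total = 0
    for i, ch in enumerate(field):
        value = int(ch) if ch.isdigit() else 0 if ch == "<" else ord(ch) - 55
        total += value * (7, 3, 1)[i % 3]
    return total % 10

def split_key(key: str) -> dict:
    """Split a 24-character key into fields, rejecting bad check digits."""
    if len(key) != 24:
        raise ValueError("expected 24 characters")
    out, pos = {}, 0
    for name, width in FIELDS:
        field, digit = key[pos:pos + width], key[pos + width]
        if not digit.isdigit() or check_digit(field) != int(digit):
            raise ValueError(f"check digit mismatch in {name}")
        out[name] = field
        pos += width + 1
    return out

def keyspace_bits(doc_numbers: int, birth_dates: int, expiry_dates: int) -> float:
    """Effective key strength: check digits are computed, so they add nothing."""
    return math.log2(doc_numbers * birth_dates * expiry_dates)

# Nominal: any 9 alphanumerics, any birthday in 100 years, any expiry in 10 years.
NOMINAL = keyspace_bits(36 ** 9, 36525, 3652)
# As described on the page: date of birth found from public records, expiry
# ten years after an issue date within the scheme's first year. The 9-digit
# numeric document number is an assumption about the numbering scheme.
AS_DESCRIBED = keyspace_bits(10 ** 9, 1, 365)

if __name__ == "__main__":
    print(split_key("L898902C3674081221204159"))  # ICAO 9303 specimen values
    print(f"nominal {NOMINAL:.1f} bits, as described {AS_DESCRIBED:.1f} bits")
```

The gap between the two figures is the point: a key that looks like 24 characters carries roughly half its nominal strength once one public fact about the holder is known, and with no limit on attempts nothing else stands in the way.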