'Safest ever' passport is not fit for purpose
Last updated at 10:07am on 05.03.07
Unfit for purpose: In just four hours, the Mail hacked into a new passport
They are the "safest ever", according to the Government. But the Daily Mail has revealed how easily a person's identity can be stolen from new biometric passports.
In just four hours, the Mail hacked into a new biometric passport and stole the details a people trafficker or illegal migrant would need to set up a life in Britain.
A shocking security gap allows the personal details and photograph in any electronic passport to be copied from the outside of the envelope in which it is delivered to homes.
The passport holder is none the wiser when it arrives because the white envelope has not been tampered with or opened.
Using a simple gadget built from parts bought on the Internet, it took the Mail less than four hours to copy the details from one passport.
It had been delivered in the normal way by national courier company Secure Mail Services to a young woman in Islington, North London.
With her permission we took away the envelope containing her passport and never opened it.
By the end of the afternoon, we had stolen enough information from the passport's electronic chip - including the woman's photograph - to be able to clone an identical document if we had wished.
More significantly, we had the details which would allow a fraudster, people trafficker or illegal immigrant to set up a new life in Britain.
The criminal could open a bank account, claim state benefits and undertake a myriad financial and legal transactions in someone else's name.
This revelation will prove a major embarrassment to ministers. Since their introduction a year ago, more than four million biometric travel documents have been delivered by courier.
The Government believes this is the safest way of sending out passports. But this may be an illusion.
The passports are dispatched in white envelopes which are easily recognisable from the distinctive lettering and figures on the outside.
There is no identity check on the person signing for the passport when it arrives. In multi-occupancy flats they can be handed to anyone at the address. Thousands have already gone missing.
We began our investigation by asking Elizabeth Wood, a 33-year-old web designer, to apply for a new biometric passport.
She telephoned the Identity and Passport Service on Monday, February 12.
Because she wanted the passport quickly, she was asked to go to the IPS office in Victoria, Central London, the following afternoon.
If she had not requested the fasttrack service, the passport would normally have been sent out without a face-to-face interview.
The next day Miss Wood met an official for ten minutes. The details on her application form were verified using two forms of ID - normally a household bill and a bank statement. Her photograph was also examined.
Miss Wood paid £91 for the fasttrack delivery and was told her passport would be sent to her home by secure courier in exactly seven days.
In fact, it took just four days, arriving when Miss Wood was in the shower. Her boyfriend went to the door and signed for the document. He was able to do so without showing any form of identity to the courier, who did not ask for Miss Wood.
But there is another gaping hole in security. At first glance the new biometric passport looks much like the traditional one.
The only clue on the outside of the document that it contains an electronic chip is a small gold square on the front.
Inside the passport there is a laminated page containing the holder's picture, passport number, name, nationality, sex, signature, date and place of birth and the document's issue and expiry date.
At the bottom of this page are two lines of printed numbers and letters which can be read by a computer when the passport is swiped through a special machine by immigration officials. It is called the Machine Readable Zone.
On the back of the page is a tiny computer chip, surrounded by a coil of copper-coloured wire. This is a Radio Frequency Identification microchip, which can be read using radio waves.
Encoded on the passport's RFID chip are three important files. One contains an electronic copy of the printed information on the passport's photo page; the second holds the electronic image of the holder's photo. The third is a security device which checks that the previous two files are not accessed and altered.
In order to get into the files, the computer needs an "electronic key". This is the 24-digit code printed on the bottom line of the passport's Machine Readable Zone. It is called the "MRZ key number".
When an immigration official checks the passport by swiping it through his machine, it reveals the key which is then used to open up the electronic data on the microchip.
The official checks that the photograph and information printed on the passport match the details on the chip and the holder is allowed to pass in, or out, of the country.
The Government says the biometric chips are protected by "an advanced digital encryption technique". In other words, without the MRZ key code it is impossible to steal the passport holder's details if you do not have their travel document.
Yet it took us no time at all to unravel the crucial code, using a relatively simple computer software programme and a scanning device.
The Mail was helped by computer security consultant Adam Laurie, who advises public bodies and private companies on combating IT fraud. He discovered glaring weaknesses in the biometric passport's security system.
The first flaw is that a hacker can try to access the chip as many times as he likes until he cracks the MRZ code. This is different to putting a PIN into a bank machine, where the security system refuses access after three wrong combinations are entered.
The second is that there are easily identifiable recurring patterns in the MRZ key codes issued. For example, the passport holder's date of birth always features, as does the passport's expiry date, which is ten years after the issue date.
The Mail is not publishing full details of Miss Wood's passport to protect her. We know exactly how Mr Laurie cracked the MRZ code but we are not going to reveal the process for security reasons.
Crucially, he only needed one new piece of information - Miss Wood's date of birth.
In under two hours, the Mail had found this by checking the electoral roll, birth records and looking at genealogical sites on the Internet.
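Added example, not from the article or from Mr Laurie's software: a rough estimate of how much uncertainty is left in the 24-character MRZ key under the two weaknesses described above, set against a bank PIN with a three-try limit. It assumes the ICAO 9303 layout (nine-character document number, birth date and expiry date, each followed by a check digit), a uniformly random all-digit document number, and date windows constructed from the article's dates.

```python
import math
from datetime import date

def days_in(first: date, last: date) -> int:
    """Number of calendar dates in the inclusive range."""
    return (last - first).days + 1

def keyspace(doc_numbers: int, birth_dates: int, expiry_dates: int) -> int:
    """Candidate keys; the three check digits are computed, so they add none."""
    return doc_numbers * birth_dates * expiry_dates

def bits(candidates: int) -> float:
    """Uncertainty in bits for a uniformly chosen value."""
    return math.log2(candidates)

def hit_chance(candidates: int, attempts_allowed: int) -> float:
    """Chance that a guesser capped at attempts_allowed tries finds the value."""
    return min(1.0, attempts_allowed / candidates)

# ASSUMPTIONS, constructed for this example (not figures from the article):
DOC_NUMBERS = 10 ** 9                                   # nine random digits
ANY_BIRTH = days_in(date(1907, 3, 6), date(2007, 3, 5))  # holder aged 0-100
ANY_EXPIRY = days_in(date(2007, 3, 6), date(2017, 3, 5))  # any ten-year expiry
# Scheme is one year old and expiry is issue date + 10 years, so every
# biometric passport in circulation expires inside a single year.
FIRST_YEAR_EXPIRY = days_in(date(2016, 3, 6), date(2017, 3, 5))

def scenarios() -> dict:
    return {
        "nominal": 10 ** 24,  # 24 independent digits, as the label suggests
        "structured": keyspace(DOC_NUMBERS, ANY_BIRTH, ANY_EXPIRY),
        "page": keyspace(DOC_NUMBERS, 1, FIRST_YEAR_EXPIRY),  # birth date known
    }

if __name__ == "__main__":
    for name, n in scenarios().items():
        print(f"{name:11s} {bits(n):5.1f} bits")
    pin, key = 10 ** 4, scenarios()["page"]
    # A PIN is tiny but capped at three tries; the chip key has no cap.
    print(f"4-digit PIN, 3 tries allowed : {hit_chance(pin, 3):.4f}")
    print(f"MRZ key, 3 tries allowed     : {hit_chance(key, 3):.1e}")
    print(f"MRZ key, unlimited tries     : {hit_chance(key, key):.1f}")
```

With no attempt limit, the only protection left is the size of the remaining keyspace, which is why the fixed date fields matter more than the key's printed length.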
Miss Wood's photo page soon popped up on Mr Laurie's laptop screen. He had not needed to see her actual passport - the white envelope containing it remained unopened on the desk.
Crucially, some banks, including the Post Office, no longer need to see a full passport as proof of identity from a new customer opening an account. They ask for a photocopy of the photo page to be sent in the post instead.
Miss Wood's photo page could easily be copied and used for this purpose. Mr Laurie said: "I used public information and equipment that is legal. The software took me three days to write. It is incredibly easy to thieve data from the passports. It could be put onto another chip and implanted in a blank passport."
Phil Booth, national co-ordinator of NO2ID, a group pressing the Government to abandon plans for identity cards, witnessed our experiment.
"This shows how easy it is to steal a person's identity from the new passport without the innocent owner even knowing," he said.
"The Government has repeatedly said this information is secure. You have just shown that it is not."
Last night a Home Office spokesman said: "We do not believe it would be possible to successfully forge a new passport by doing this.
"The security around the UK passport chip prevents anyone changing or deleting any of the data or information on the chip, which is what is required to successfully forge a passport."
Reader views (16)
There are loads of reasons for worry here. Besides the over-expenditure on such a process, this can also increase the number of ID frauds and many other related crimes. I would be surprised, if such a facility is launched by the British Government without any "Ethical Hacking" performed first hand!
- Manoj Kuruvanthody, Pune, India, 09/03/2007 04:20
As if this is not bad enough, one can certainly imagine a sophisticated terrorist using ID "sniffing" to scan for British and American passports among captives in any sort of situation you can imagine. Are we simply enabling this by adding RFID? This is not a solely Brit problem, but a world wide one.
- Ken Sexton, Salem, Oregon USA, 06/03/2007 22:20
RFID passport systems are not built to provide security.
Don't believe the hype.
The best minds in security have decried RFID based security access devices for years.
RFID based systems are designed to provide the “appearance” of security.
Like the security screening devices used in airports. They provide the perception of security, despite the ease with which those systems can be circumvented.
But let's look at the basics. Is an RFID system any more secure than the traditional paper based system?
No!
It cost millions if not billions of pounds/dollars/euros, and, in my opinion makes us more insecure.
As this article shows, it eases the ability to steal the passport user's identity.
These devices are exceedingly easy to forge.
It allows un-trained officials to place arbitrary trust in a fundamentally untrustworthy system.
These systems cost a fortune!
Why, then, would an organization seek to implement such a system?
The same reason Microsoft advertises that it has made significant headway in its security, despite the research.
These organizations have a vested interest in showing that they are doing “something” even if “something” is really a code word for “nothing”.
- Bill Gross, Washington DC, USA, 05/03/2007 15:33
This is a technological blunder that might be fixed.
But the fundamental truth that the government refuses to acknowledge is that any database accessible to tens of thousands of civil servants will be an open book to organised crime. It only takes one corrupted civil servant to make it so. So it will help, not hinder, criminal activities.
So what is it for? Not for our benefit, but for that of the government, and even more so for the benefit of a future police state dictatorship. Which, I fear, is the direction in which the UK is headed, and at an alarming rate.
The ID database needs to be stopped, and the Tories have promised to do so. This alone guarantees them my vote at the next election, even if on every other issue I disagree with them.
- Nigel, London, 05/03/2007 14:02
The more this Government rants on about how secure the new passport is, the more banks and other institutions will take it as a given that someone with a new passport is who they say they are. Banks will make bigger loans, social security will make less alternative checks, passport control will pass through the holder more quickly. Now that it has been revealed that the new passports are totally insecure, the whole electronic passport process is totally counter-productive. More reliance based on an unreliant process. The London School of Economics has estimated the cost of identity cards at about £20billion. Since identity cards are intended to use the same technology as the passports, what earthly good can come from identity cards? Criminals will be producing them left and right, and fraudulent holders will be able to get away with even more than is now possible.
- Phil Jones, London, 05/03/2007 13:27
The Home Office say: "We do not believe it would be possible to successfully forge a new passport by doing this" - well who cares what they believe? I expect they didn't believe last week that hackers could read all the information off the chip either.
- Tim, London, 05/03/2007 13:13
It ceases to amaze me that in an era of rapid economic and technological development we are still making mistakes and spending little or no time looking at developing or even using a technology that is proven to work. It is no wonder that ID Thieves are choosing the UK as a prime target!
- Stephen Hill, London, UK, 05/03/2007 12:53
Now why doesn't this surprise me!
- Andy W, London, 05/03/2007 12:48
If this isn't an eloquent argument against wasting billions of pounds of public money on technology that's just not needed for a national identity card, I don't know what is. Hackers will ALWAYS catch up with programmers, so it's ordinary people who lose out from all sides.
- Jonny, London, 05/03/2007 12:11
And isn't this the same chip that's only guaranteed for 2 years even though it's going in 10 year passports?
- Rachel, London, 05/03/2007 11:59
This government can not organize anything and Labour is quite dangerous. What do they do with all their rich tax money?
- Georgie, London, 05/03/2007 11:40
I have just renewed my passport. Having read the literature which states that I would have to sign for the renewed passport, it took me by surprise to find that it was sitting on the mat when I got home from work. So much for secure delivery!
- Kathy, Orpington, 05/03/2007 11:16
I may be incorrect but were the government not planning to use roughly the same technology for ID cards? Sounds like a genius plan doesn't it?
- Lloyd, London, 05/03/2007 11:03
This is truly TERRIFYING news, but will the government take any notice? How dire will the situation have to become before the government takes any action? This is extremely frightening, and a terrible omen for the much-touted ID cards.
- Freddie, London, 05/03/2007 10:32
This government is treating the biometric passports as the panacea to solve all crime and other ills in society. They are blindly ignoring advice from experts who tell them that it will not make a jot of difference. More importantly they are ignoring the electorate who don't want to live under a STASI regime.
- Paul, Harlow, UK, 05/03/2007 09:05
Biometric passports will encourage fraudsters to use fakes of these passports as IDs where there is no reading equipment.
In other words just like equipment dependent biometric ID cards these biometric passports will boost identity fraud.
Identity fraud will continue to grow because we rely on signatures despite knowing that in the event of crime they would not even expose a person's gender.
To make signature reliable we should apply an ID sticker (a small sticker with the person's photo and name printed on it) to the document and countersign.
None of these biometric ID systems make signatures we rely on to conclude transactions reliable and hence the claim that they will combat identity fraud is wrong.
- Yogesh Raja, Aylesbury, 05/03/2007 02:50