
Jeroen van Beek takes the passport of a 16-month-old British boy and puts it on to a £40 smartcard reader the size of an iPod. He punches a code into his computer and, within seconds, the information contained in the passport’s microchip appears on screen.
This is not supposed to happen, as communication between the chip and the reader uses powerful encryption, but a renowned British computer expert called Adam Laurie worked out how to crack the code 18 months ago.
Within seconds, in his university office in Amsterdam, Mr van Beek, 30, copies the contents of the microchip on to another chip, making a clone of the first. He launches some software called Golden Reader Tool – the International Civil Aviation Organisation (ICAO) standard kit for checking biometric passports – and the new chip is flagged up as authentic.
As amazing as this may seem, this is nothing new. A German computer academic called Lukas Grunwald first cloned chips from his country’s passports two years ago.
What is new and potentially devastating, however, is what comes next.
On his computer, Mr van Beek alters the cloned chip and removes the image of the child, the Times photographer Michael Crabtree’s son, Thomas, and replaces it with the image of Osama bin Laden. He does the same with the passport of my partner, Suzanne Hallam, installing the image of Hiba Darghmeh, a Palestinian suicide bomber instead. And, if the chips had contained other biometric data, such as fingerprints or iris scans, he could have changed those too.
At first, Golden Reader refuses to authenticate the new, altered chips. A digital key signature, a certificate of authenticity, has been changed, and the reader is concerned. But Mr van Beek falls back on the work of Peter Gutmann, from Auckland University, New Zealand, who found a way to programme another key signature into the chip. The ICAO’s reader software now accepts both chips as genuine.
If we were criminals, we would have been able to create a passport in the name of a real person with a chip containing our biometrics – facial image, fingerprints and so on – and travel the world as that individual. When we presented our fake passport at borders, our image (and in EU passports issued from next June, fingerprints) would match those held in our supposedly secure biometric passports.
As identity theft goes, we could not have been more thorough. We have taken a tool designed to make an individual’s identity more secure, and changed it to validate our criminal activity. Of course, we would then need either genuine blank passports, like the 3,000 stolen on Monday last week, or fake passports – which these chips were supposed to have made obsolete – in which to put our clones.
The first electronic passports, or e-passports, were introduced by Malaysia ten years ago. After the 9/11 attacks, the US told other countries that they would have to introduce biometric passports if they wanted to avoid their citizens having to apply for visas each time they travelled there. Now costing £72, they were first issued in Britain in March 2006. Implementation cost about £250 million, all of which was funded by the public by way of passport fees. Each passport contains a radio frequency identification (RFID) chip with an antenna which, when contacted by a reader with the correct encrypted codes, bounces back the information it holds.
Among the computing and electronic privacy communities, this technology has been treated with suspicion. In the US, a special foil security cage had to be inserted into new passports when researchers managed to read chips from a distance of several feet.
In Britain, details held on one passport chip were read from inside a sealed envelope by Adam Laurie in response to Home Office claims that remote reading would be impossible.
Mr van Beek, whose research in Amsterdam University’s system and network department is sponsored by the accountancy firm KPMG, has even created a passport chip featuring the identity of Elvis Presley.
The Elvis passport has been accepted as genuine by a public e-passport reader at a Dutch town hall. Oddly, though, the Dutch Government later insisted that the reader was not designed to check the security features of passports.
There is a simple tool that could foil all this fakery, but the international community is failing to use it. The ICAO, a United Nations agency, set up a centralised database to combat cloning and faking 16 months ago called the Public Key Directory, or PKD. It is operated by a Singaporean company, Netrust, which beat seven others to win the contract.
Remember that replacement key certificate that Mr van Beek programmed into our passport chips? The PKD would flag that up if you tried to use your passport at the border of a country that was a member.
At present, key signature codes can be checked only if e-passport countries choose to swap details of those keys, one country at a time. The UK does this with thirty-five countries, leaving ten uncheckable. Under the PKD system, border readers would instantly send back details of the digital signature of the chip in the fake passport – and check it against codes supplied by the issuing country.
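The difference between a reader that only checks a chip against the key the chip itself carries and one that checks the signer against keys published by the issuing country can be shown with a simplified model; this is an added example, not code from the article, Golden Reader Tool or the PKD. It assumes toy textbook RSA over fixed primes in place of real certificates, a plain dictionary standing in for the directory, and hypothetical names and sample data throughout.

```python
import hashlib

E = 65537

def make_key(p, q):
    """Toy textbook RSA key from two primes (illustration only, not secure)."""
    n = p * q
    return {"pub": (n, E), "d": pow(E, -1, (p - 1) * (q - 1))}

def table_digest(hashes, n):
    blob = repr(sorted(hashes.items())).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def issue(groups, key):
    """Build a simplified chip: data groups plus a signed table of their hashes."""
    hashes = {name: hashlib.sha256(val).hexdigest() for name, val in groups.items()}
    n, _ = key["pub"]
    sig = pow(table_digest(hashes, n), key["d"], n)
    return {"groups": dict(groups), "hashes": hashes, "sig": sig, "signer": key["pub"]}

def verify_self_contained(chip):
    """Checks only that the chip is consistent with the signer key it carries."""
    for name, val in chip["groups"].items():
        if hashlib.sha256(val).hexdigest() != chip["hashes"].get(name):
            return False
    n, e = chip["signer"]
    return pow(chip["sig"], e, n) == table_digest(chip["hashes"], n)

def verify_against_directory(chip, country, directory):
    """Same checks, plus: the signer key must be one the issuing country published."""
    return chip["signer"] in directory.get(country, set()) and verify_self_contained(chip)

# Constructed sample data: fixed Mersenne primes keep the toy keys deterministic.
ISSUER_KEY = make_key(2**61 - 1, 2**89 - 1)     # stands in for the issuing state's signer
OTHER_KEY = make_key(2**107 - 1, 2**127 - 1)    # a key the issuing state never published
DIRECTORY = {"UTO": {ISSUER_KEY["pub"]}}         # "UTO" is a placeholder country code

genuine = issue({"DG1": b"P<UTOSPECIMEN<<SAMPLE", "DG2": b"face-image-A"}, ISSUER_KEY)
edited = {**genuine, "groups": {**genuine["groups"], "DG2": b"face-image-B"}}
resigned = issue(edited["groups"], OTHER_KEY)   # altered data under an unpublished key

def results():
    chips = {"genuine": genuine, "edited": edited, "resigned": resigned}
    return {k: (verify_self_contained(c), verify_against_directory(c, "UTO", DIRECTORY))
            for k, c in chips.items()}

if __name__ == "__main__":
    for name, (local, pkd) in results().items():
        print(f"{name:9} self-contained={local!s:5} directory={pkd}")
```

Only the third sample separates the two checks: it passes the self-contained check and fails once the signer key is compared with the issuing country's published keys.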
But of the forty-five countries with e-passports, only five – Australia, New Zealand, Singapore, the US and Japan – are using the PKD. Britain says that it hopes to start using it by the end of the year.
The ICAO wants all its 189 member countries eventually to introduce e-passports; if they don’t all join the PKD, security will be seriously compromised.
As far back as April 2006, the ICAO issued a report that said PKD membership should be “necessary . . . and not optional”. Publicly, the ICAO is unable to castigate individual member states. This week it said: “The PKD ensures that e-passports used at border control points . . . are genuine and unaltered. In effect, it renders the passport foolproof. For this to happen, however, all states issuing e-passports must join the PKD, otherwise that assurance cannot be given.”
Privately, however, ICAO officials are understood to be frustrated that billions of dollars have been spent on developing e-passports but the system is open to abuse because of the failure of nations to share microchip key signatures over the PKD.
Some e-passport countries are not yet ready, but officials fear that others simply do not like the idea of handing over data to nations that they do not trust.
Eckart Brauer, chairman of the ICAO board responsible for the directory, told The Times that he did not expect all countries to participate for at least another three years, and he cautioned that the failure of even one country to sign up could render the entire e-passport regime open to abuse.
“It is possible to copy all the data from the chip and put in data . . . but it is not possible to copy the signature, so checking that [against the PKD] is of the utmost importance,” he said.
Mr Laurie, the expert who first cracked the UK passport encryption and the founder of the website rfidiot.org, said that it was vital that all countries signed up to the directory.
He said: “If you are 99 per cent secure, then you are 100 per cent vulnerable, because that 1 per cent can be exploited.”
Copyright 2009 Times Newspapers Ltd.