How to clone a biometric passport while it's still in the bag

Mail exposes the postal vulnerability


In an investigation for the Daily Mail, security consultant Adam Laurie has demonstrated how a new UK biometric passport can be cloned without even being removed from its delivery envelope.

The Mail exploit draws on previous work by Laurie and others, and puts together vulnerabilities in the chip technology, and in the chip security and logistics systems used by the Identity & Passport Service.

The data in the chip is essentially a digital version of what is printed inside the passport itself. The printed data can be read if the passport is presented and opened, and the chip's security system attempts to duplicate this process. The chip data can be read wirelessly, but it is encrypted, with the key printed inside the passport. So in theory, although the chip can be read without the passport (or indeed the delivery envelope) being opened, the data is meaningless without the key.

But the key in this first generation of biometric passport is relatively easy to identify/crack. It is not random, but consists of the passport number, the passport holder's date of birth and the passport expiry date. The Mail found it relatively easy to identify the holder's date of birth, while the expiry date is 10 years from the issue date, which for a newly-delivered passport would clearly fall within a few days. The passport number consists of a number of predictable elements, including an identifier for the issuing office, so effectively a significant part of the key can be reconstructed from the envelope and its address label.
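To put a number on that weakness, the sketch below (an added example, not code from the Mail, Laurie or the Identity & Passport Service) builds the key input from the three fields using the ICAO 9303 check-digit rule and compares the key space when every field is unknown with the envelope scenario described above. The nine-digit passport number, the five unknown digits and the seven-day expiry window are assumed figures for illustration, not values from the article.

```python
import math

def mrz_check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7, 3, 1 repeating, sum modulo 10."""
    def value(ch: str) -> int:
        if ch.isdigit():
            return int(ch)
        if ch == "<":                      # filler character counts as zero
            return 0
        return ord(ch) - ord("A") + 10     # A=10 ... Z=35
    return sum(value(c) * (7, 3, 1)[i % 3] for i, c in enumerate(field)) % 10

def mrz_information(doc_no: str, dob: str, expiry: str) -> str:
    """The only input to the chip access key: each field plus its check digit.

    Dates are YYMMDD. The check digits are computed from the fields, so they
    contribute no secrecy of their own.
    """
    doc_no = doc_no.ljust(9, "<")
    return "".join(f + str(mrz_check_digit(f)) for f in (doc_no, dob, expiry))

def keyspace_bits(doc_numbers: int, birth_dates: int, expiry_dates: int) -> float:
    """Effective key strength in bits for the given candidate counts per field."""
    return math.log2(doc_numbers * birth_dates * expiry_dates)

def compare_scenarios() -> dict:
    # Nothing known (assumed): 9 numeric digits, any birth date in 100 years,
    # any expiry date in the 10-year validity period.
    nothing_known = keyspace_bits(10**9, 36525, 3653)
    # Envelope scenario (assumed figures): birth date known, expiry within a
    # 7-day window, 5 of the 9 passport-number digits still unknown.
    envelope = keyspace_bits(10**5, 1, 7)
    return {"nothing_known": nothing_known, "envelope": envelope}

if __name__ == "__main__":
    # Sample field values for illustration, not a real passport.
    print(mrz_information("L898902C", "690806", "940623"))
    for name, bits in compare_scenarios().items():
        print(f"{name}: about {bits:.1f} bits")
```

Under these assumptions the key drops from roughly 57 bits to under 20, which is why unpredictable document numbers matter more than the strength of the cipher on the chip.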

Laurie established the theory of this last year, but the Mail report puts it into practice. With the cooperation of the applicant, the newly-delivered passport envelope was rerouted, and a working key was identified within four hours. Once this has been done, a fraudster would have all of the information needed to copy the chip, and therefore would be some considerable distance closer to being able to produce an identical copy of the entire passport.

The Mail notes that no proof of identity was required when the passport was delivered, but the vulnerabilities exposed mean that the problem goes far beyond the occasional passport being cloned after its delivery has been intercepted. Because it's feasible to steal the data without detection, it's perfectly possible that insiders could intercept large numbers of the millions of new passports delivered every year.

If, that is, there is a point to doing so. At the moment the value of the data is limited because the chip can only be copied, not changed, so it can only be used as an aid in the forgery of a copy of an existing passport (although some possible exploits based on this are described here). Passport forgers would still have to produce a viable copy of the passport book itself, and the resulting document could only be used by someone of similar appearance to the original owner.

That, however, is the current state of play, not necessarily the end of the story. One of the primary reasons the chip is being introduced is that historically, passport forgers have been able to forge successive generations of book passports, with each new iteration of security eventually being matched by the bad guys.

Once biometric passports are commonplace the forgers will need to be able to deal with the chips in them, and if they want to stay in business they'll need to be able to change the data, not just copy it.

Without access to the digital signature used by the passport issuing authority to protect the integrity of the data, this can't be done. The forgers could therefore attempt to crack the signature for the passport variety of their choice, but simply gaining access to the key via corrupt officials or espionage could turn out to be a quicker route. With this in mind, it's worth noting that ICAO, which devised the system, anticipates that keys will be compromised, and puts forward steps that should be taken to protect the system when this happens.

If, however, this turns out to happen a lot (how many of the world's passport issuing authorities would you trust?), then chip security will quite possibly turn out to be just one more increment in the passport forgery arms race. ®

