‘Safest ever’ passport is not fit for purpose

Sue Reid writes in the Daily Mail:

They are the “safest ever”, according to the Government. But the Daily Mail reveals today how easily a person’s identity can be stolen from new biometric passports.

A shocking security gap allows the personal details and photograph in any electronic passport to be copied from the outside of the envelope in which it is delivered to homes.

The passport holder is none the wiser when it arrives because the white envelope has not been tampered with or opened.

Using a simple gadget built from parts bought on the Internet, it took the Mail less than four hours to copy the details from one passport.

It had been delivered in the normal way by national courier company Secure Mail Services to a young woman in Islington, North London.

With her permission we took away the envelope containing her passport and never opened it.

By the end of the afternoon, we had stolen enough information from the passport’s electronic chip – including the woman’s photograph – to be able to clone an identical document if we had wished.

This is a demonstration of the “sealed envelope” attack postulated in a Guardian article last year. The December 2006 “Action Plan” confirms that the Home Office still intends ID cards to be usable as passports within Europe – this presumably means they would contain the same RFID chip as the ICAO-compliant passport copied in this attack.