[continued from previous message] 
  
 information from all of them has been copied and the holders' images appear 
 on the screen of Laurie's laptop. The passports belong to Booth, and to 
 Laurie's son, Max, and my partner, who have all given their permission. 
  
 Booth is staggered. He has undercut Laurie by finding an RFID reader for 
 #174, which also works. "This is simply not supposed to happen," Booth says. 
 "This could provide a bonanza for counterfeiters because drawing the 
 information from the chip, complete with the digital signature it contains, 
 could result in a passport being passed off as the real article. You could 
 make a perfect clone of the passport." 
  
 But could you - and what use would my passport be to you? A security feature 
 of the chip ensures that information cannot be added or altered, so you 
 couldn't put your picture on my chip. So is our attack really so impressive? 
  
 The Home Office thinks not. It correctly points out that the information 
 sucked out of the chip is only the same as that which appears on the page, 
 readable with the human eye. And to obtain the key in the first place, you 
 would need to have access to the passport to read (with the naked eye) its 
 number, expiry date and the date of birth of its holder. 
  
 "This doesn't matter," says a Home Office spokesman. "By the time you have 
 accessed the information on the chip, you have already seen it on the 
 passport. What use would my biometric image be to you? And even if you had 
 the information, you would still have to counterfeit the new passport - and 
 it has lots of new security features. If you were a criminal, you might as 
 well just steal a passport." 
  
 However, some computer experts believe the Home Office is being dangerously 
 naive. Several months ago, Lukas Grunwald, founder of DN-Systems Enterprise 
 Solutions in Germany, conducted a similar attack to ours on a German 
 biometric passport and succeeded in cloning its RFID chip. He believes 
 unscrupulous criminals or terrorists would find this technology very useful. 
  
 "If you can read the chip, then you can clone it," he says. "You could use 
 this to clone a passport that would exploit the system to illegally enter 
 another country." (We did not clone any of our passport chips on the 
 assumption that to do so would be illegal.) 
  
 Grunwald adds: "The problems could get worse when they put fingerprint 
 biometrics on to the passports. There are established ways of making forged 
 fingerprints. In the future, the authorities would like to have automated 
 border controls, and such forged fingerprints [stuck on to fingers] would 
 probably fool them." 
  
 But what about facial recognition systems (your biometric passport contains 
 precise measurements of key points on your face and head)? "Yes," says 
 Grunwald, "but they are not yet in operation at airports and the technology 
 throws up between 20 and 25% false negatives or false positives. It isn't 
 reliable." 
  
 Neither is the human eye, according to research conducted by a team of 
 psychologists from the University of Westminster in 1996. Remember, 
 information - such as a new picture - cannot be added to a cloned chip, so 
 anyone using it to make a counterfeit passport would have to use one that 
 bore a reasonable resemblance to themselves. 
  
 But during Westminster University's study, which examined whether putting 
 people's images on credit cards might reduce fraud, supermarket staff 
 drafted in for tests had great difficulty matching faces to pictures. The 
 conclusion was that pictures would not improve security and they were never 
 introduced on credit cards. This means that each time you hand over your 
 passport at, say, a hotel reception or car-rental office abroad to be 
 "photocopied", it could be cloned with equipment like ours. This could have 
 been done with an old passport, but since the new biometric passports are 
 supposed to be secure they are more likely to be accepted without question 
 at borders. 
  
 Given the results of the Westminster study, if a terrorist bore a slight 
 resemblance to you - and grew a beard, perhaps - he would have a good chance 
 of getting through a border. Because his chip is cloned, with the necessary 
 digital signatures, and because you have not reported your passport stolen - 
 you still have it! - his machine-readable travel document will get him 
 wherever he wants to go, using your identity. 
  
 What about the technical difficulties? The government claims the new 
 biometric passport chips can be read over a distance of just 2cm, but 
 researchers all over the world claim to have read them from further. The 
 physics governing those in British passports says they could be read over a 
 metre, but no one has yet done that. A Dutch team claims to have contacted 
 chips at 30cm. 
  
 Laurie has, however, rigged up a piece of equipment that can connect to a 
 passport over 7.5cm. That isn't as far as the Dutch 30cm, but it is enough 
 if your target subject is sitting next to you on the London Underground or 
 crushed up against you on the Gatwick Airport monorail, his pocketed 
 passport next to the reader you have hidden in a bag. 
  
 It takes around four seconds to suck out the information with a reader; then 
 it can be relayed and unscrambled by an accomplice with a laptop up to 1km 
 away. With a Heath Robinson device we built on Tuesday using a Bluetooth 
 antenna connected to an RFID reader, Laurie relayed details of his son's 
 passport over a distance of 10 metres and through two walls to a laptop. 
  
 Ah, the Home Office will say, but you still need to see the information in 
 the passport that will form the key needed for connection. Well, not 
 necessarily. Consider this scenario: A postman involved with organised crime 
 knows he has a passport to deliver to your home. He already knows your name 
 and address from the envelope. He can get your date of birth by several 
 means, including credit-reference agencies or from the register of births, 
 marriages and deaths (and, let's face it, he delivers all your birthday 
 cards anyway). 
  
 He knows the expiry date - 10 years from yesterday, give or take a day, when 
 the passport was mailed to you. That leaves the nine-digit passport number. 
 NO2ID says reports from its 30,000 members up and down the country are 
 throwing up a number of similarities in the first four digits of the 
 passport number, so that reduces the number of permutations, potentially 
 leaving five purely random numbers to establish. 
  
 "If the rogue postman were to take your passport home, without opening the 
 envelope he could put it against a reader and begin a 'brute force' attack 
 in which your computer tries 12 different permutations every second until it 
 has the right access codes," says Laurie. "A five-digit number would take 23 
 hours to crack at the most. Once all those numbers were established, you 
 could communicate with the RFID chip and steal all the information. And your 
 passport could be delivered to you, unopened and just a day late." 
  
 But is this really credible? Would criminals or terrorists really go to such 
 lengths? Ross Anderson, professor of security engineering at the University 
 of Cambridge computer laboratory, believes they would. "The point is that 
 once you have extracted the data from the chip you can have a forged 
 passport that contains not just forged physical stuff," he says. "You also 
 have the digital bit-stream so the digital signature of the passport checks 
 out. That makes it possible to travel through borders with it. 
  
  
 [continued in next message] 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2)