Feeds

e-passport cloning risks exposed

RFID hack attack

Choosing a cloud hosting partner with confidence

A security consultant has shown how to clone electronic passports based on internationally agreed designs due to begin distribution this year.

The demo came as part of a presentation by Lukas Grunwald, CTO of German security consultancy DN-Systems Enterprise Internet Solutions, on hacking new RFID technologies used for dual-interfaces cards, such as within credit cards and passports, at the Black Hat conference in Vegas yesterday.

Grunwald said the data held on RFID cards within e-passports can be copied simply, undermining claims by governments that e-passports will help stamp out forgeries. "The whole passport design is totally brain damaged," Grunwald told Wired. "From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all."

Two weeks close scrutiny of the RFID chips within passports already issued by the German government allowed Grunwald to develop his cloning technique. Much of that time was spent acquainting himself with e-passport standards, developed by the UN's Civil Aviation Organisation. Since all e-passports will adhere to this standard, including US e-passports due to begin circulation in October.

Grunwald first placed his German passport on an official passport-inspection reader, though access to this specialised equipment might not be necessary since he reckons its possible to adapt a standard RFID by installing a suitable antenna for around $200. Next, he booted up program used by border guards to read passports, Golden Reader from Secunet Security Networks. This data was written onto a blank passport embedded with a fresh RFID tag. Grunwald used a program he'd helped develop, called RFDump, to program the chip. The process allowed him to produce a clone of his passport that would look the same as the original document to a passport reader even though it wouldn't withstand physical inspection.

At present, data held on RFID chips within passports is not encrypted, a factor that would otherwise has frustrated the cloning attack. However the data on the chips is digitally signed, so it wasn't possible for Grunwald to change the data been written onto the blank template without giving the game away. But if someone wrote the data onto an RFID chip held in a smart card they might be able to fool a passport reader into reading this data instead of that on a genuine passport. This is possible because readers only read one chip at a time and are designed to read the chip in closest proximity to a reader.

Frank Moss, deputy assistant secretary of state for passport services at the State Department, told Wired that even if the chips on electronic passports are cloned other security measures, such as a digital photo of its holder and the physical inspection of passports, would foil attempts to use forged or modified passports. A feature called Basic Access Control within passports means that border officials need to unlock a passport's RFID chip before it can be read. However some security experts reckon this technique provides insufficient protection over the long run and that conventional smart-cards are preferable to RFID chips.

"I'm not opposed to chips on ID cards, I am opposed to RFID chips. My fear is surreptitious access: someone could read the chip and learn your identity without your knowledge or consent," writes security guru Bruce Schneier. "The [US] State Department is implementing security measures to prevent that. But as we all know, these measures won't be perfect. And a passport has a ten-year lifetime. It's sheer folly to believe the passport security won't be hacked in that time. This hack took only two weeks," he added. ®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.