Feeds

e-passport cloning risks exposed

RFID hack attack

Reducing security risks from open source software

A security consultant has shown how to clone electronic passports based on internationally agreed designs due to begin distribution this year.

The demo came as part of a presentation by Lukas Grunwald, CTO of German security consultancy DN-Systems Enterprise Internet Solutions, on hacking new RFID technologies used for dual-interfaces cards, such as within credit cards and passports, at the Black Hat conference in Vegas yesterday.

Grunwald said the data held on RFID cards within e-passports can be copied simply, undermining claims by governments that e-passports will help stamp out forgeries. "The whole passport design is totally brain damaged," Grunwald told Wired. "From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all."

Two weeks close scrutiny of the RFID chips within passports already issued by the German government allowed Grunwald to develop his cloning technique. Much of that time was spent acquainting himself with e-passport standards, developed by the UN's Civil Aviation Organisation. Since all e-passports will adhere to this standard, including US e-passports due to begin circulation in October.

Grunwald first placed his German passport on an official passport-inspection reader, though access to this specialised equipment might not be necessary since he reckons its possible to adapt a standard RFID by installing a suitable antenna for around $200. Next, he booted up program used by border guards to read passports, Golden Reader from Secunet Security Networks. This data was written onto a blank passport embedded with a fresh RFID tag. Grunwald used a program he'd helped develop, called RFDump, to program the chip. The process allowed him to produce a clone of his passport that would look the same as the original document to a passport reader even though it wouldn't withstand physical inspection.

At present, data held on RFID chips within passports is not encrypted, a factor that would otherwise has frustrated the cloning attack. However the data on the chips is digitally signed, so it wasn't possible for Grunwald to change the data been written onto the blank template without giving the game away. But if someone wrote the data onto an RFID chip held in a smart card they might be able to fool a passport reader into reading this data instead of that on a genuine passport. This is possible because readers only read one chip at a time and are designed to read the chip in closest proximity to a reader.

Frank Moss, deputy assistant secretary of state for passport services at the State Department, told Wired that even if the chips on electronic passports are cloned other security measures, such as a digital photo of its holder and the physical inspection of passports, would foil attempts to use forged or modified passports. A feature called Basic Access Control within passports means that border officials need to unlock a passport's RFID chip before it can be read. However some security experts reckon this technique provides insufficient protection over the long run and that conventional smart-cards are preferable to RFID chips.

"I'm not opposed to chips on ID cards, I am opposed to RFID chips. My fear is surreptitious access: someone could read the chip and learn your identity without your knowledge or consent," writes security guru Bruce Schneier. "The [US] State Department is implementing security measures to prevent that. But as we all know, these measures won't be perfect. And a passport has a ten-year lifetime. It's sheer folly to believe the passport security won't be hacked in that time. This hack took only two weeks," he added. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.