Feeds

e-passport cloning risks exposed

RFID hack attack

Protecting against web application threats using SSL

A security consultant has shown how to clone electronic passports based on internationally agreed designs due to begin distribution this year.

The demo came as part of a presentation by Lukas Grunwald, CTO of German security consultancy DN-Systems Enterprise Internet Solutions, on hacking new RFID technologies used for dual-interfaces cards, such as within credit cards and passports, at the Black Hat conference in Vegas yesterday.

Grunwald said the data held on RFID cards within e-passports can be copied simply, undermining claims by governments that e-passports will help stamp out forgeries. "The whole passport design is totally brain damaged," Grunwald told Wired. "From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all."

Two weeks close scrutiny of the RFID chips within passports already issued by the German government allowed Grunwald to develop his cloning technique. Much of that time was spent acquainting himself with e-passport standards, developed by the UN's Civil Aviation Organisation. Since all e-passports will adhere to this standard, including US e-passports due to begin circulation in October.

Grunwald first placed his German passport on an official passport-inspection reader, though access to this specialised equipment might not be necessary since he reckons its possible to adapt a standard RFID by installing a suitable antenna for around $200. Next, he booted up program used by border guards to read passports, Golden Reader from Secunet Security Networks. This data was written onto a blank passport embedded with a fresh RFID tag. Grunwald used a program he'd helped develop, called RFDump, to program the chip. The process allowed him to produce a clone of his passport that would look the same as the original document to a passport reader even though it wouldn't withstand physical inspection.

At present, data held on RFID chips within passports is not encrypted, a factor that would otherwise has frustrated the cloning attack. However the data on the chips is digitally signed, so it wasn't possible for Grunwald to change the data been written onto the blank template without giving the game away. But if someone wrote the data onto an RFID chip held in a smart card they might be able to fool a passport reader into reading this data instead of that on a genuine passport. This is possible because readers only read one chip at a time and are designed to read the chip in closest proximity to a reader.

Frank Moss, deputy assistant secretary of state for passport services at the State Department, told Wired that even if the chips on electronic passports are cloned other security measures, such as a digital photo of its holder and the physical inspection of passports, would foil attempts to use forged or modified passports. A feature called Basic Access Control within passports means that border officials need to unlock a passport's RFID chip before it can be read. However some security experts reckon this technique provides insufficient protection over the long run and that conventional smart-cards are preferable to RFID chips.

"I'm not opposed to chips on ID cards, I am opposed to RFID chips. My fear is surreptitious access: someone could read the chip and learn your identity without your knowledge or consent," writes security guru Bruce Schneier. "The [US] State Department is implementing security measures to prevent that. But as we all know, these measures won't be perfect. And a passport has a ten-year lifetime. It's sheer folly to believe the passport security won't be hacked in that time. This hack took only two weeks," he added. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.