Elvis has left the border: ePassport faking guide unleashed

Not good enough to work - probably

Seven Steps to Software Security

The Hacker's Choice (THC) has released details of a procedure that allows you to "create a backup of your own passport chip(s)" - or, if you were that way inclined, use a modified chip to build a fake ePassport that will not be detected by at least some passport readers.

THC offers a video of "Elvis's" passport being approved by a reader at Amsterdam airport. Note that the reader is a public verification terminal, not one at a border check, so there's no illegal act being committed, nor does the video prove that a fake ePassport could get through a border.

But could that happen?

THC provides a walk through of the process of producing a viable clone of an ePassport chip, and of producing one with altered data that will still be passed by machines of similar capabilities to the one at Amsterdam airport. The procedure builds on - and cites - earlier work by Adam Laurie (tools to read the chip's content) and Jeroen van Beek's demo at BlackHat this year. Updated (i.e., altered) chip data is then signed using Peter Gutmann's CryptLib.

What you would then have - if, that is, you would ever do such a thing - is a spoof (say, Elvis') or forged ePassport that would pass some readers, but not all of them. But Entrust, which handles PKI security for ePassports, doubts that any of these readers will ever show up at a live border checkpoint.

"It's exceedingly unlikely," says PKI product manager Mark Joynes, arguing that the equipment used by van Beek for his demo is intended for test and development purposes, not for border deployment. "Governments' security experts aren't dummies and they aren't going to make those mistakes."

Jeroen van Beek's presentation gives a run down of how this particular class of equipment can be fooled, while the University of Amsterdam's SNE/OS3 site explains what's going on in more detail. By manipulating ePassport data an attacker can circumvent optional security features such as Active Authentication, which is itself currently used only by a limited number of countries (current UK and US passports do not use it).

The existence of countries not using this feature is crucial to the exploit demonstrated, because it means that readers need to cater for ePassports that don't have Active Authentication as a defence against cloning. Deleting the public key of the Active Authentication key pair causes the reader to assume that Active Authentication isn't enabled for the passport, and because that's permissible under ICAO rules - but not advisable - it doesn't flag it as a problem.

For the next part of the exploit, van Beek was able to copy his own data onto a passport chip, sign it, and have it passed by the reader. Tim Moses, senior director at Entrust's advanced security technology group, explains that what's failing here is not the signature, but the certificate chain. The signature itself, he points out, is a perfectly valid one backed by a self-signed certificate, and it's the check of whether or not that certificate has been issued by a bona fide authority that is absent. Yes, that music you hear is the sound of angels dancing on a pinhead, but nevertheless what the man says is true.

The $64,000 question is therefore whether or not a proper certificate check will be present at border control. The 'official' channel for this is the ICAO Public Key Directory (PKD), but as of May only nine countries - Australia, Canada, Germany, Japan, New Zealand, Republic of Korea, Singapore, the UK, and the US - were participating, although France is likely to have joined by now. "PKD is getting greater use than it has in the past," says Joynes, but he confirms that these numbers sound right, and points out that the PKD isn't the only route for distribution of countries' public keys. The number of bilateral agreements is growing, and countries are starting to establish Certificate Trust Lists, where numbers of them are, effectively, grouped in trusted relationships.

The bottom line, says Entrust, is that the ability to validate certificates should always be present at border crossings, and there machines will set off an alert if "Elvis" attempts to get by. Would one expect a machine such as the Amsterdam airport one, which is intended to display the content of a passport chip but not (as OS3 itself points out) guaranteed to verify the chip, to check certificates? Possibly not.

This and other weaknesses could be dealt with, Jeroen van Beek argued at BlackHat, if key security features were mandatory rather than optional, as is currently the case. "If one party doesn't use a feature," he said, "the security level of the entire system (globally!) depends on compensating measures". He argues that automated border control (which is currently planned for the UK) should only be used for ePassports with all security features enabled and that all countries should be using a trusted PKI system.

"I wouldn't disagree with that," says Joynes, adding that ICAO's recommendations and documentation nevertheless provides you with sufficient tools to implement a secure system. Systems are insecure, he says, "where they are not implementing all of the security measures correctly." Which is more or less what van Beek's been saying. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story


Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.