Boing Boing: Hacked passport crashes readers

View a recent day: August 20 | August 19 | August 18 | previous days | by month and year

Tuesday, July 31, 2007

Hacked passport crashes readers

A hacker has demonstrated an exploit against the RFID tags in the new US passports that allows him to clone a passport and modify the RFID with bad code that will crash the passport readers.

Lukas Grunwald, an RFID expert who has served as an e-passport consultant to the German parliament, says the security flaws allow someone to seize and clone the fingerprint image stored on the biometric e-passport, and to create a specially coded chip that attacks e-passport readers that attempt to scan it.
Grunwald says he's succeeded in sabotaging two passport readers made by different vendors by cloning a passport chip, then modifying the JPEG2000 image file containing the passport photo. Reading the modified image crashed the readers, which suggests they could be vulnerable to a code-injection exploit that might, for example, reprogram a reader to approve expired or forged passports.
"If you're able to crash something you are most likely able to exploit it," says Grunwald, who's scheduled to discuss the vulnerabilities this weekend at the annual DefCon hacker conference in Las Vegas.

Link

posted by Cory Doctorow at 10:40:42 PM permalink | Other blogs' comments

View a recent day: August 20, 2007 | August 19, 2007 | August 18, 2007 | August 17, 2007 | August 16, 2007 | August 15, 2007 | August 14, 2007 | previous days | all BB archives by month and year

suggest a link \| defeat censorware \| rss \| archives \| t-shirts \| digital emporium \| podcast feed \| mark \| cory \| david \| xeni \| john
Support Bloggers' Rights! HOWTO: Get a link posted to Boing Boing Boing Boing Mobile powered by Winksite Fark rules! This work is licensed under a Creative Commons License permitting non-commercial sharing with attribution. Boing Boing is a trademark of Happy Mutants LLC in the United States [and other countries]. Stats (About our stats) defeat censorware Policies Our first five years' worth of posts in one file	View a recent day: August 20 \| August 19 \| August 18 \| previous days \| by month and year Tuesday, July 31, 2007 Hacked passport crashes readers A hacker has demonstrated an exploit against the RFID tags in the new US passports that allows him to clone a passport and modify the RFID with bad code that will crash the passport readers. Lukas Grunwald, an RFID expert who has served as an e-passport consultant to the German parliament, says the security flaws allow someone to seize and clone the fingerprint image stored on the biometric e-passport, and to create a specially coded chip that attacks e-passport readers that attempt to scan it. Grunwald says he's succeeded in sabotaging two passport readers made by different vendors by cloning a passport chip, then modifying the JPEG2000 image file containing the passport photo. Reading the modified image crashed the readers, which suggests they could be vulnerable to a code-injection exploit that might, for example, reprogram a reader to approve expired or forged passports. "If you're able to crash something you are most likely able to exploit it," says Grunwald, who's scheduled to discuss the vulnerabilities this weekend at the annual DefCon hacker conference in Las Vegas. Link posted by Cory Doctorow at 10:40:42 PM permalink \| Other blogs' comments View a recent day: August 20, 2007 \| August 19, 2007 \| August 18, 2007 \| August 17, 2007 \| August 16, 2007 \| August 15, 2007 \| August 14, 2007 \| previous days \| all BB archives by month and year Email this entry to: Your email address: Message (optional):	Boing Boing Sponsored by: Your Text Ad Here Get BB by email: