RFID Passport Hacked to Crash Readers
German security researcher Lukas Grunwald claims to have successfully hacked the RFID chip in the new e-passports used by the United States. The former consultant on e-passports for the German parliament says he was able to crash two passport readers from different vendors by first cloning the embeded RFID chip (which is scary enough) and then manipulating the stored JPG2000 file containing the passport photo. Reading this corrupted file crashed the readers from both manufacturers. The crash is caused by a buffer-overrun. The buffer-overrun is basicaly a coding error when a dedicated section of memory is overridden by an unexpected data input.
This usually is an indicator that a code injection might be possible using this exploit as the starting point to take over control of the machine.
Last year Lukas Grunwald showed how he could clone a “read only” RFID chip onto one which is fully read-write capable. Today the reader itself has ben shown to be prone to attacks. The International Civil Aviation Organization, the United Nations body that developed the standards for e-passports has to rethink their security concept quickly or the e-passport is going to be a complete disaster.
Filed under: Hardware, Networking, Real Life, RFID, Security, Software, Technology and Gadgets | Leave a Comment