RFID Passport Hacked to Crash Readers

01Aug07

German security researcher Lukas Grunwald claims to have successfully hacked the RFID chip in the new e-passports used by the United States. The former consultant on e-passports for the German parliament says he was able to crash two passport readers from different vendors by first cloning the embeded RFID chip (which is scary enough) and then manipulating the stored JPG2000 file containing the passport photo. Reading this corrupted file crashed the readers from both manufacturers. The crash is caused by a buffer-overrun. The buffer-overrun is basicaly a coding error when a dedicated section of memory is overridden by an unexpected data input. 

e-passport

 

This usually is an indicator that a code injection might be possible using this exploit as the starting point to take over control of the machine.

Last year Lukas Grunwald showed how he could clone a “read only” RFID chip onto one which is fully read-write capable. Today the reader itself has ben shown to be prone to attacks. The International Civil Aviation Organization, the United Nations body that developed the standards for e-passports has to rethink their security concept quickly or the e-passport is going to be a complete disaster.

Advertisements


No Responses Yet to “RFID Passport Hacked to Crash Readers”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: