RFID passports vulnerable to sabotage

A GERMAN insecurity expert says that the RFID chips in the new ePassports are an open book to hackers and ID thieves.

Lukas Grunwald said it was a doddle to seize and clone the fingerprint image stored on the biometric e-passport, and to create a specially coded chip that attacks e-passport readers that attempt to scan it.

Speaking to Wired, Grunwald said he has succeeded in sabotaging two passport readers made by different vendors by cloning a passport chip, then modifying the JPEG2000 image file containing the passport photo.

When the modified image is shown to the RFID readers, the crashed which indicates they are vulnerable to a code-injection exploit. So all will take is for a hacker to work out a way for the hacker to reprogram the reader to approve expired or forged passports.

He said that if a hacker can crash something it is likely that they can exploit it.

Another hack is possible thanks to the fact that the International Civil Aviation Organisation, the United Nations body that developed the standards for e-passports, decided that it was a wizard wheeze to store travelers' fingerprints as digital photos.

All you need to do is make false fingerprints using gelatin that could be placed over a finger to fix that problem.

More here. µ

See Also
Intel tracks its journalist fiends round the show