Home
Newsletter
Events
Blogs
Reports
Graphics
RSS
About Us
Support
Write for Us
Media Info
Advertising Info
Airport security

Security breakdown: E-passport chip easily hacked, cloned

Friday, August 04, 2006 by: NewsTarget
Tags: airport security, e-passports, RFID


Most Viewed Articles
https://www.naturalnews.com/019883_airport_security_e-passports.html
Delicious
diaspora
Print
Email
Share

(NewsTarget) The United States and other countries are going to begin distributing electronic passports this year, but a computer security consultant says he can clone the passports easily.

"The whole passport design is totally brain damaged," said Lukas Grunwald. "From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all."

Because encrypting the data on the e-passport's RFID chip would involve building a complicated infrastructure, countries have opted not to do so, but "if you can read the data, you can clone the data and put it in a new tag," Grunwald said.

Grunwald's ability to clone the e-passports has added to controversy already stirred up by their potential to invade privacy and their similarity to the methods of Big Brother of "1984" fame.

"Either this guy is incredible or this technology is unbelievably stupid," said Gus Hosein, a senior fellow at Privacy International, which officially stands in opposition of the e-passport technology. "I think it's a combination of the two."

"Is this what the best and the brightest of the world could come up with? Or is this what happens when you do policy laundering and you get a bunch of bureaucrats making decisions about technologies they don't understand?"

By spending time reading e-passport standards posted on the U.N.'s International Civil Aviation Organization website, Grunwald said he figured out how to clone the chips in about two weeks. Since all countries' e-passports would be designed using the same ICAO standard, Grunwald says his cloning method would work regardless of country of origin, although he admits the cryptographic hashes used to authenticate data mean people cannot inconspicuously change things like birth date or names on the chips.

Even so, through the cloning process, a known terrorist could carry a passport with his real name and photo, equipped with a cloned RFID chip that identifies someone else. This means that while any human screening the passports would be able to identify the person from his physical passport, a fully electronic system would check the wrong name. Grunwald said that, luckily, the machine-readable OCR at the bottom of the passport would still fail to match the RFID data.

Frank Moss, deputy assistant secretary of state for passport services at the State Department, said that the United States does not intend to use a totally electronic passport-inspection system. However, other countries such as Australia are considering completely automating the process.

According to Moss, Grunwald's accomplishment is no surprise. He said that the e-passport's designers have known about the issue for some time, and added that things like the digital photograph of the passport holder -- embedded in the data page -- could still prevent someone from entering countries through use of a forged or modified e-passport.

"What (Grunwald) has done is neither unexpected nor really all that remarkable," Moss said. "The chip is not in and of itself a silver bullet ... It's an additional means of verifying that the person who is carrying the passport is the person to whom that passport was issued by the relevant government."

Grunwald noted, however, that false identification was not the only danger from cloning e-passports. Someone could introduce malicious code to border-screening computers through the RFID tag or write corrupt data to it, which could crash an electronic inspection system not pre-protected from such an attack.

"I want to say to people that if you're using RFID passports, then please make it secure," Grunwald said. "This is in your own interest and it's also in my interest. If you think about cyberterrorists and nasty, black-hat type of guys, it's a high risk ... From my point of view, it should not be possible to clone the passport at all."

###


Receive Our Free Email Newsletter

Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.


comments powered by Disqus



Natural News Wire (Sponsored Content)

Science.News
Science News & Studies
Medicine.News
Medicine News and Information
Food.News
Food News & Studies
Health.News
Health News & Studies
Herbs.News
Herbs News & Information
Pollution.News
Pollution News & Studies
Cancer.News
Cancer News & Studies
Climate.News
Climate News & Studies
Survival.News
Survival News & Information
Gear.News
Gear News & Information
Glitch.News
News covering technology, stocks, hackers, and more