Comments: Osama bin Laden gets a cosmetic makeover in his British Vanity Passport

Hmm, the article states that they were able to fool the Golden-Reader-Tool. I am not sure, but the Golden-Reader-Tool might not be interested in the validity as much as a border-control machine would be. (But on the other hand, perhaps some border-control machines are running Golden-Reader-Tools ;-)

Posted by Philipp at August 7, 2008 07:45 AM

Various of the comments from articles are about anything can be forged. Presumably the point of the chip was to significantly increase the cost of making forgeries (compared to non-chip passports).

This was somewhat our periodic semi-facetious comments in the mid-90s about taking a $500 milspec chip, aggressive cost reduction by 2-3 orders of magnitude ... while at the same time, actually increasing the security and integrity.

One of the problems we got into was that we got on the (EPC) RFID chip curve ... i.e. manufacturing costs are basically per wafer, cost per chip then has been improved by making smaller chips and/or larger wafers (i.e. more chips per wafer).

At the start of this decade, one of the problems was the saw cuts to split wafers into individual (small) chips were taking more surface area than the actual chips (limiting increases in the number of chips/wafer and further chip cost reductions). New technology was eventually developed that made the cut surface area significantly smaller ... allowing significant increases in the chips/wafer (both for the ultra-small EPC RFID chips as well as our super-secure, super cheap chip).

This included ISO14443 (RFID) proximity ... "inches" ... not the "meters" that EPC RFID are spec'ed for.

Posted by Lynn Wheeler at August 7, 2008 10:46 AM

http://www.timesonline.co.uk/tol/news/politics/article4474143.ece?f_src=darkreading_section_318_320

Opposition MPs accused the Government last night of being naive in believing that new microchipped passports would be foolproof against criminals involved in identity theft.

After The Times disclosed that new passports could be cloned and manipulated in minutes and would then be accepted as genuine, MPs also gave warning of serious implications for the security of the Government's £4.7 billion identity card scheme.

The identity card project, which starts this year when cards are issued to foreign nationals from outside Europe, relies on microchips similar to those cloned in minutes by a computer researcher as part of tests conducted for The Times.

Chris Huhne, the Liberal Democrat home affairs spokesman, joined calls for the whole project to be scrapped. “The Government is clearly incapable of creating a criminal-proof gold standard for identity,” he said. ...

Posted by Naive government! at August 8, 2008 11:16 AM

A Kiwi computer whiz is among a small group of international scientists to prove electronic passports can be easily copied, changed and passed off as genuine. Auckland University researcher Peter Gutmann found a way to program a new signature into an altered passport microchip allowing it to be recognised as authentic by the reading technology.

Gutmann, British computer expert Adam Laurie and Amsterdam academic Jeroen van Beek successfully copied the contents of a British boy's electronic passport to another chip and replaced his digital photograph with one of Osama bin Laden. The altered chip was reprogrammed with a signature key and recognised as genuine by the International Civil Aviation Organisation's passport reading software, UK's The Times newspaper reported.

Gutmann told the Sunday Star-Times his role in the experiment was "embarrassingly simple". His colleagues were credited with the more complex tasks of cloning and altering the chip's data which is meant to be secure. "It was a three-person effort."
...

Posted by Kiwi expert cracks chip passport... at August 18, 2008 09:23 AM

The original story was actually the coverage in the UK Times last week, http://www.timesonline.co.uk/tol/news/uk/crime/article4467098.ece. It was a three-person effort, Adam Laurie did the RFID part (via RFIDIOt), Jeroen van Beek did the passport software implementation and tying the whole thing together, all I did was the signing. We never touched the passport chip, what we showed was that it's possible to create your own fictitious e-passport that's accepted as valid by the reference Golden Reader Tool. In other words we showed that what security researchers had been warning about ever since e-passports were first proposed was actually possible, following the l0pht's motto "Making the theoretical practical".

Jeroen presented the work at Black Hat'08, http://www.blackhat.com/html/bh-usa-08/bh-usa-08-speakers.html#vanBeek.

Posted by Peter Gutmann writes... at August 18, 2008 10:54 AM

.... Now, a member of the group The Hacker's Choice (THC) has built on that knowledge to describe how anyone can use some free software and cheap hardware to manipulate the personal data on a passport RFID tag. The hack comes accompanied by a video showing a machine in Amsterdam's airport reading Elvis Presley's personal information off a hacked chip.

The process, as described by someone going with the handle VonJeek, is pretty straightforward. Software that emulates passport RFID behavior, apparently written by van Beek, is uploaded onto a blank card. Using a free Python application, an existing passport's chip is read and the data transferred to the emulator. In the process, the bits that call for active verification of the encoded information can be shut off, limiting the verification process when the card is read in the future. Instructions for modifying the information prior to uploading it are also provided.

The instructions come with a video of the hacked card in action at the Amsterdam airport. At a self-service boarding pass machine, the hacker slipped the modified RFID card into his passport, and placed it in a scanning device. Up popped Elvis on the screen. ....

Posted by Become Elvis in real life at October 5, 2008 07:08 AM

.... Using a Certification Authority (CA) could solve the attack but at the same time introduces a new set of attack vectors:

1. The CA becomes a single point of failure. It becomes the juicy/high-value target for the attacker. Single points of failure are not good. Attractive targets are not good.

Any person with access to the CA key can undetectably fake passports. Direct attacks, virus, misplacing the key by accident (the UK government is good at this!) or bribery are just a few ways of getting the CA key.

2. The single CA would need to be trusted by all governments. This is not practical as this means that passports would no longer be a national matter.

3. Multiple CA's would not work either. Any country could use its own CA to create a valid passport of any other country. Read this sentence again: Country A can create a passport data set of Country B and sign it with Country A's CA key. The terminal will validate and display the information as data from Country B.

This option also multiplies the number of 'juicy' targets. It makes it also more likely for a CA key to leak. Revocation lists for certificates only work when a leak/loss is detected. In most cases it will not be detected. ....

Posted by The Risk of ePassports and RFID at October 5, 2008 07:12 AM
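The cross-signing problem in point 3 of the comment above, seen from the inspection terminal's side, as an added example that is not code from the quoted article or from THC. It contrasts a terminal that accepts a signature from any trusted CA with one that requires the signing CA to belong to the issuing state named in the signed data. The country codes, the `STATE=...` data layout and the function names are constructed for illustration, and HMAC-SHA256 stands in for a real public-key signature so the block runs on the standard library alone.

```python
import hashlib
import hmac

# Constructed trust store: one toy signing key per country CA. HMAC-SHA256
# stands in for the CA's real public-key signature (assumption, stdlib only).
TRUST_STORE = {"AAA": b"constructed-key-country-A", "BBB": b"constructed-key-country-B"}


def sign(ca_country, data):
    """Toy 'CA signature' over the passport data set (stand-in for RSA/ECDSA)."""
    return hmac.new(TRUST_STORE[ca_country], data, hashlib.sha256).digest()


def issuing_state(data):
    """Read the issuing state from the constructed 'STATE=xxx;...' data set."""
    fields = dict(f.split("=", 1) for f in data.decode().split(";") if "=" in f)
    return fields.get("STATE")


def signer_of(data, signature):
    """Return the trusted CA whose key verifies the signature, or None."""
    for country, key in TRUST_STORE.items():
        expected = hmac.new(key, data, hashlib.sha256).digest()
        if hmac.compare_digest(expected, signature):
            return country
    return None


def naive_accept(data, signature):
    """Weak terminal: any trusted CA may vouch for any country's data."""
    return signer_of(data, signature) is not None


def bound_accept(data, signature):
    """Hardened terminal: the signing CA must be the issuing state's own CA."""
    signer = signer_of(data, signature)
    return signer is not None and signer == issuing_state(data)


# Constructed sample data sets.
genuine = b"STATE=BBB;NAME=EXAMPLE HOLDER"
cross_signed = (genuine, sign("AAA", genuine))  # country A's CA signs B's data
own_signed = (genuine, sign("BBB", genuine))    # country B's CA signs B's data

if __name__ == "__main__":
    for label, (d, s) in (("cross-signed", cross_signed), ("own-signed", own_signed)):
        print(label, "naive:", naive_accept(d, s), "bound:", bound_accept(d, s))
```

Binding the signer to the issuing state closes the cross-country case only; it does nothing for the leaked-key and undetected-loss cases the comment also lists.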

We knew it was coming, right?

-------- Original Message --------
Subject: [announce] THC releases video and tool to backup/modify ePassports
Date: Mon, 29 Sep 2008 10:00:26 +0000

http://freeworld.thc.org/thc-epassport/

29th September 2008

THC/vonJeek proudly presents an ePassport emulator. This emulator applet allows you to create a backup of your own passport chip(s).

A video demonstrating the weakness is available at
http://freeworld.thc.org/thc-epassport/

The government plans to use ePassports at Immigration and Border Control. The information is electronically read from the Passport and displayed to a Border Control Officer or used by an automated setup. THC has discovered weaknesses in the system to (by)pass the security checks. The detection of fake passport chips is no longer working. Test setups do not raise alerts when a modified chip is used. This enables an attacker to create a Passport with an altered Picture, Name, DoB, Nationality and other credentials.

This manipulated information is displayed without any alarms going off. The exploitation of this loophole is trivial and can be verified using thc-epassport.

Regardless of how good the intention of the government might have been, the facts are that tested implementations of the ePassports Inspection System are not secure.

ePassports give us a false sense of security: We are made to believe that they make us more secure. I'm afraid that's not true: current ePassport implementations don't add security at all.

Yours sincerely,

vonjeek [at] thc dot org
The Hackers Choice
http://www.thc.org

Posted by Allen proxy at October 24, 2008 10:45 AM