A German security researcher who demonstrated last year that he
could clone the computer chip in an electronic passport has revealed
additional vulnerabilities in the design of the new documents and the
inspection systems used to read them.
Lukas Grunwald, an RFID expert who has served as an e-passport
consultant to the German parliament, says the security flaws allow
someone to seize and clone the fingerprint image stored on the
biometric e-passport, and to create a specially coded chip that attacks
e-passport readers that attempt to scan it.
Grunwald says he's succeeded in sabotaging two passport readers made
by different vendors by cloning a passport chip, then modifying the
JPEG2000 image file containing the passport photo. Reading the modified
image crashed the readers, which suggests they could be vulnerable to a
code-injection exploit that might, for example, reprogram a reader to
approve expired or forged passports.
“If you're able to crash something you are most likely able to
exploit it,” says Grunwald, who's scheduled to discuss the
vulnerabilities this weekend at the annual DefCon hacker conference in
Read the full story here.
Say NO to ID Cards, Say NO to the Database State.