digg

Join DiggAbout

Discover the best of the web!
Learn more about Digg by taking the tour.

Scan This Guy's E-Passport and Watch Your System Crash

wired.com — RFID expert Lukas Grunwald says e-passport readers are vulnerable to sabotage. photo: Courtesy of Kim Zetter A German security researcher who demonstrated last year that he could clone the computer chip in an electronic passport has revealed additional vulnerabilities in the design of the new documents and the inspection systems used to read them.

Bury
show profanity settings
expand all
  • weebit, on 10/10/2007, -1/+22No encryption? If not then shame on them!
    • cmiz, on 10/10/2007, -0/+7Supposedly the only thing on the chips in the current US passports is a jpeg image of your passport photo. The person scanning can then compare the image to your picture and it's another layer of security to thwart fake passports. Since they're not reading any sort of real personal information from the chip... security isn't as big a deal as most would imagine. That being said, I'm still surprised they didn't use at least some basic type of encryption as a best practice.
  • laserjobs, on 10/10/2007, -2/+32Throw your passport in the microwave for 5-10 seconds and RFID chip is fried. No problem anymore.
  • ApokalypseNow, on 10/10/2007, -2/+23I threw mine in the microwave and saw a bright flash, accompanied by a small pop, within 2 seconds. Bang, dead RFID chip.
    • noahhoward, on 10/10/2007, -0/+26I've got a feeling that sooner or later you won't be able to board a plane if your RFID chip won't scan.
      • MWeather, on 10/10/2007, -2/+7Then hackers will make sure no scanner will scan.
        • noahhoward, on 10/10/2007, -1/+6Then no one will board a plane, good plan. If the entire scanning system went down, the airports would immediately be locked down.
          • Otto, on 10/10/2007, -0/+5It's called a Denial Of Service attack, and so yes, that would be the whole goal. If the equipment not working stops service, then a malicious person could easily make it not work.
    • NinjaBoy, on 10/10/2007, -0/+11sadly you wont be able to board the plan coming BACK to America. You terrorist.
  • MWeather, on 10/10/2007, -1/+13I prefer using a hammer. It's more satisfying.
  • theFuzzyWarble, on 10/10/2007, -7/+1if has hammah, cans hammah all dayz?!
  • Error601, on 10/10/2007, -3/+2Uh, so? Let's get a list of how many documents are out there that are not copyable.
  • joethepeacock, on 10/10/2007, -8/+3This is the fourth Wired article today. I have the Wired feed on my iGoogle... I don't really need to see it repeated in my Digg headlines...
    • MellerTime, on 10/10/2007, -0/+1Well it's not like Digg creates its own content, so I'm not sure what ELSE you expected to see on it...
    • kh99, on 10/10/2007, -0/+0Here's a tip - ignore them. I have no idea why you'd waste your time commenting.
  • socokoolaid, on 10/10/2007, -0/+4I expect a long line of ridiculous mistakes in these things.lol...exploitable jpg library. Until now they probably didn't realize you could clone their read only chips.
  • nonsequitor, on 10/10/2007, -3/+4In honor of the Simpsons movie, let me say:

    Ha Ha

    I know what talk I'm going to Friday night. That is if I am finished writing my talk for Saturday evening by then. DefCon FTW!
  • Palmer586, on 10/10/2007, -1/+7Someone should shove some pr0n on there, just to see the expression of the person who scanned the passport.
    • BigBunion, on 10/10/2007, -0/+2I put some Goatse on mine. I don't know why the passport checkers keep vomitting...
  • Happysin, on 10/10/2007, -0/+8Bah, you'd think they would learn by now. Also, be careful killing the RFID in your passport. That is a federal offense. *****, but true.
    • Adrnshw6, on 10/10/2007, -0/+1How would they know if it was accidentally destroyed or not?
  • kh99, on 10/10/2007, -2/+0Solution - strip search for anyone who's passport crashes the scanning system.
  • maniacmatt2788, on 10/10/2007, -0/+2It may be illegal to purposefully destroy the RFID chip but what if i "accidentally" send it through a washing machine?
    • jpop, on 10/10/2007, -0/+1Probably wouldn't hurt it. Your passport on the other hand...
    • weebit, on 10/10/2007, -0/+1will scanning it fry it? Some places will scan you going in the building. One place I know of... (Federal building) their scanner is real sensitive. It picks up change in your pocket regardless if you have one piece or several.
  • srf21c, on 10/10/2007, -0/+2Everybody calm down. You can take comfort in the knowledge that we're still ***** either way.

    E-Passport: Doorway to the Panopticon
    http://www.strike-the-root.com/62/scarmig/scarmig1.html
  • understudy, on 10/10/2007, -0/+2RFID works well for inventory, but it is nowhere near the point of being secure enough to use in passports and credit cards. If I owned either a new passport, I'd disable the chip.

    Also, you can usually specifically request a non-RFID credit card from your bank and you should do so.

    _
  • nerdism, on 10/10/2007, -0/+4He also adds, "The jelly donuts in the lobby are excellent."
  • aixroot, on 10/10/2007, -0/+0I worry more about the current type of government which controls this sort of information.
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.