New risk for electronic passports

Picture 1 of New risk for electronic passports Security experts at the 2006 Black Hat Conference pointed out that RFID tags - often used for access cards, automatic tolls, and even electronic passports - are vulnerable to hackers. take advantage.

At Black Hat 2006, electronic passports equipped with radio frequency identification (RFID) cards have been tested, and the results can easily be duplicated by a laptop equipped with an RFID reader of $ 200 and A smart card recorder has the same price.

In addition, experts point out that RFID tags attached to travel documents to determine US passports from a distance can also be used by terrorists to activate bombs.

Lukas Grunwald, a researcher on DN-Systems, Germany, demonstrated how to copy the data stored in RFID tags from his passport and write that data to a smart card that installs RFID chips. This copied chip can be used to make a fake passport.

The risk will affect millions of Americans when they are expected to receive RFID passports in October. The ability to copy unauthorized data from RFID tags is also a warning for US government officials in favor of e-passport project. These people defied privacy concerns and argued that e-Passport is hard to fake.

Grunwald said there have not been any holes in the encryption mechanism stored in the passport chip. In other words, data can be duplicated only by scanning an RFID tag, but the information cannot be changed.

Grunwald spent about two weeks and $ 5,000 to complete its project, which uses RFID reading hardware and some self-written software to copy information on RFID tags. This also means that an attacker can copy access cards and use them to gain unauthorized access to secure buildings or areas.

Not only the US, the governments of some countries around the world are accelerating the process of integrating RFID tags for passports to minimize the possibility of forgery. Some European countries have even issued electronic passports with integrated RFID tags. Privacy advocates of security experts have warned about the risk of switching to electronic passports.

Data loss is one of these risks. With designs like RFID, they can be read by dedicated readers and detected remotely. An attacker can also determine the passport's citizenship only by the "fingerprint identification" feature of an RFID chip. This ability can be used to activate remote bomb explosions. At Black Hat this year, Kevin Mahaffey, a Flexilis researcher, demoed the video about this risk.