Scan This Guy's E-Passport and Watch Your System Crash

["'Richard M. Smith'" <rms () computerbytesman com>]

http://www.wired.com/politics/security/news/2007/08/epassport

Scan This Guy's E-Passport and Watch Your System Crash
By Kim Zetter 08.01.07 | 2:00 AM 

A German security researcher who demonstrated last year that he could clone
the computer chip in an electronic passport has revealed additional
vulnerabilities in the design of the new documents and the inspection
systems used to read them.

Lukas Grunwald, an RFID expert who has served as an e-passport consultant to
the German parliament, says the security flaws allow someone to seize and
clone the fingerprint image stored on the biometric e-passport, and to
create a specially coded chip that attacks e-passport readers that attempt
to scan it.

Grunwald says he's succeeded in sabotaging two passport readers made by
different vendors by cloning a passport chip, then modifying the JPEG2000
image file containing the passport photo. Reading the modified image crashed
the readers, which suggests they could be vulnerable to a code-injection
exploit that might, for example, reprogram a reader to approve expired or
forged passports.

"If you're able to crash something you are most likely able to exploit it,"
says Grunwald, who's scheduled to discuss the vulnerabilities this weekend
at the annual DefCon hacker conference in Las Vegas.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.