Buffer Overflow Found in RFID Passport Readers
epee1221 writes "Wired ran a story describing Lukas Grunwald's Defcon talk on an attack on airport passport readers. After extracting data from the (read-only) chip in a legitimate passport, he placed a version of the data with an altered passport photo (JPEG2000 is used in these chips) into a writable chip. The altered photo created a buffer overflow in two RFID readers he tested, causing both to crash. Grunwald suggests that vendors are typically using off-the-shelf JPEG2000 libraries, which would make the vulnerability common."
Explain to me how this is an "attack" on passport readers?
Passport is scanned
Reader goes casters up
Reader is power cycled
Passport is scanned again
Reader goes casters up
Owner of said passport is hauled off to some secret room where all of their orifices are checked by an ex-prison guard with large hands.
This does show the lack of testing and hardening, but it seems a buffer overflow situation like this would be relatively easy to patch.
You should start with studying English. Your skills are lacking.
FTFA: "If a reader could be compromised using Grunwald's technique, it might be reprogrammed to misreport an expired passport as a valid one, or even -- theoretically -- to attempt a compromise of the Windows-based border-screening computer to which it is connected."
That does it. From now on I'm only travelling to countries which use OpenBSD to operate their border gateway protocols.
And: "Additionally, the International Civil Aviation Organization recommends that issuing countries protect biometric data on the e-passport with an optional feature known as Extended Access Control, which protects the biometric data on the chip by making readers obtain a digital certificate from the country that issued the passport before the equipment can access the information."
Sounds like in the future, the only people who'll be able to travel with any degree of success will be those who can forge their passports...
"The question is: should I study Arabic or Spanish to welcome our new overlords."
:)
Yes.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
'k, I'm staying at home from now on...