Buffer Overflow Found in RFID Passport Readers
epee1221 writes "Wired ran a story describing Lukas Grunwald's Defcon talk on an attack on airport passport readers. After extracting data from the (read-only) chip in a legitimate passport, he placed a version of the data with an altered passport photo (JPEG2000 is used in these chips) into a writable chip. The altered photo created a buffer overflow in two RFID readers he tested, causing both to crash. Grunwald suggests that vendors are typically using off-the-shelf JPEG2000 libraries, which would make the vulnerability common."
A buffer overflow could let a bad passport inject code into the card reader, such as forcing it to show passports as valid, or accessing the big passport database that it authenticates against. So far, it's just a crash, which is not a big deal. But it could very well be code injection with another week of "research"