Buffer Overflow Found in RFID Passport Readers

Posted by CowboyNeal on Saturday August 11, 2007 @02:20AM from the never-too-careful dept.

epee1221 writes "Wired ran a story describing Lukas Grunwald's Defcon talk on an attack on airport passport readers. After extracting data from the (read-only) chip in a legitimate passport, he placed a version of the data with an altered passport photo (JPEG2000 is used in these chips) into a writable chip. The altered photo created a buffer overflow in two RFID readers he tested, causing both to crash. Grunwald suggests that vendors are typically using off-the-shelf JPEG2000 libraries, which would make the vulnerability common."

1 of 96 comments (clear)

Min score:

Reason:

Sort:

Re:Explain to me how... by Zerth · 2007-08-11 02:54 · Score: 5, Insightful

Because the way it will actually go is like this:

Passport is scanned
Reader goes casters up
Reader is power cycled
Passport is scanned again
Reader goes casters up

Security Goon say "Shit, that's wierd. But the paper passport looks fine. Go on through."

Owner of said passport traipses past security, making the E-passport no better than a regular one.