Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Clone Elvis' Passport

Posted by samzenpus on from the don't-mess-with-the-king dept.

Barence writes "Hackers have released source code that allows the 'backup' of RFID-protected passports, although the tool can potentially be used to create fake or cloned documents. The Hacker's Choice, a non-commercial group of computer security experts, has released a video showing a cloned passport being approved by a security scanner at a Dutch airport. When the reader scans the passport, it is revealed to belong to one Elvis Aaron Presley, complete with picture. Reports of the hackers serenading security staff with 'Are You Clonesome Tonight' are unconfirmed."

15 of 164 comments (clear)

  1. Re:hilarious! by BackwardHatClub · · Score: 2, Insightful

    The 4 hour stop at security would be really hilarious...!

  2. Be careful... by Anton+Styles · · Score: 3, Insightful

    Personally, I'd be rather careful when it comes to ID fraud... Don't want to end up doing the Jailhouse Rock

    --
    "I don't know half of you half as well as I should like, and I like less than half of you half as well as you deserve."
    1. Re:Be careful... by Thiez · · Score: 2, Insightful

      Actually, the Dutch don't own a little piece of Cuba, so no need to panic. Also, laws are relatively sane, so I doubt the people who did this are going to get in trouble, especially since the copied passpart is so obviously fake, and merely proof-of-concept instead of something to be used in an evil plot to take over the world.

    2. Re:Be careful... by Incadenza · · Score: 5, Insightful

      In the Netherlands passports are state property to. If your passport gets lost, you have to pay for a replacement (obviously) *plus* you get fined for losing government property!

    3. Re:Be careful... by EasyTarget · · Score: 3, Insightful

      Unfortunately the current mob in (sort of ) charge here are right up the illiberal-fuck brigade's arse.

      When it was recently demonstrated that the new national travelcard is broken (Mifare) the response was a typical mixture of outrage, damming everybody as criminal, and refusing to accept that people with science degrees are a darn sight smarter than the bunch of PR/MBA wankers who fell for the Mifare sales spin.

      --
      "Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
    4. Re:Be careful... by Anonymous Coward · · Score: 2, Insightful

      Except in the video, you see they are using a simple blank card. So the ID cards where not from the government in the first place.

      The detection equipment is probably build and bought by private companies, so fooling these also do not involve the government either.

    5. Re:Be careful... by Thiez · · Score: 3, Insightful

      The card they use in the video doesn't appear to be a real passport, only the chip (that may or may not have been removed from a password). Even if what they did is illegal, I would be extremely suprised if anyone involved were to end up in prison, although they may be fined, especially if they got the chip out of a real passport (like you suggested).

  3. Bad title by L4t3r4lu5 · · Score: 4, Insightful

    You can't clone Elvis' passport; They didn't have access to the original.

    They created a passport with fake details which matched the identity of another person. Nothing was cloned. I bet it wasn't even his passport picture, but a stock photo from the web.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
    1. Re:Bad title by wvmarle · · Score: 4, Insightful

      Which, from the face of it, makes the feat even more impressive. Cloning means "simply" reading the data from one passport, and copying it onto another. It is not necessary to decrypt this data, as long as the chip is tricked into releasing it.

      Instead, they created a completely new data set, put this on the chip, and programmed the chip so it correctly answers to the challenge posed by the reader.

      Now the idea of having the data encrypted in the passport chip may be wishful thinking of course... I would expect it is encrypted, if not then it's of course one step less for these hackers. At the very least I would expect some cryptographic checksum, based on some secret key or so, to verify that the passport (i.e. the data on the chip) has been government issued.

      No matter what, a neat hack, and scary that it is possible in the first place.

  4. That's not a security console... by Neelix21 · · Score: 2, Insightful

    I have no idea what kind of console that is, but it doesn't look like much of a "security console" to me.

    This movie only shows that they have succesfully created a cloned passport, and that the scanner does not do any security checks. This was already demonstrated some time ago at a local town hall.

    Doing this again at an airport adds nothing but hype. It does not prove that security in those things is broken.

    --
    Don't worry, it's all just 1's and 0's anyway...
    1. Re:That's not a security console... by Ren+Hoak · · Score: 5, Insightful

      It does not prove that security in those things is broken.
      Ok, so by your words, being able to create a document that contains blatantly false information, and successfully using that document to bypass security doesn't prove that "security in those things is broken". What, pray tell, would be required beyond this to demonstrate that security is broken? Because, you see, in my simple view of things, if you are "Bob" and security is on the lookout for "Bob", and you show them a modified password claiming that you're "Neil", and security lets you through because as far as they can tell you aren't "Bob", security has been compromised. When security is based on human inspection of said passport, clearly it's subject to human error. When security is electronically based, such as the case with RFID, all but the most basic of human interaction should be removed from the "is this a real passport?" equation.

  5. Never let a computer do a job that can be done by by HungryHobo · · Score: 4, Insightful

    "Never let a computer do a job that can be done by a human."
    I just can't agree with this.
    People can be fooled easily enough and the more that's automated properly the better. A human(well thousands of them) *could* do all the interest calculations at your bank but it would be stupid to do it that way.

    There are loads of jobs out there which are better done by machines.

  6. Who should be held accountable for this? by dma1965 · · Score: 2, Insightful

    Some of you may feel this is not "newsworthy", but this illustrates a very important point. Lets look at the whole voting machine mess. The machines were CERTIFIED by the States they were used in. That means that the certifying body agreed that they met all requirements. Yet, once hackers found all of the security flaws in the system, the voting machine manufacturers were "lynched" in the court of public opinion. Lets look at the whole financial mess we are in. The Federal Government is paid by taxpayers to oversee our economy. They failed miserably at this task, and now are trying to saddle taxpayers with the burden of fixing the mess. Ultimately, our Government and the Governments of other nations approved this RFID Passport System...a system which was, at least in part, intended to address security concerns. Now that it is coming out that this too is a failure DUE TO A LACK OF OVERSIGHT AND ACCOUNTABILITY AT THE GOVERNMENT LEVEL, who is going to be blamed this time? Security experts have nearly exhausted themselves trying to get the message out about a lack of security in RFID Passports (and other RFID systems), but are all but ignored. Ultimately, we are all getting what we deserve, because we are simply allowing those we have put in charge of assuring our well being to fail over and over again, and we simply foist the blame on everyone else but those we have employed to prevent these messes from happening. WAKE UP SHEEPLE !!!!

  7. Even real cloning is an issue by illegalcortex · · Score: 2, Insightful

    Actually, even cloned passports are an issue. They're just one you can't do a lot about very easily.

    They're an issue because if you can find someone who looks vaguely like you and clone their passport with or without their cooperation, you can assume their identify. Just alter your features a bit from what is in the picture. If they have medium-long hair, get a buzz cut. If they have no facial hair, grow a bear, mustache. Or vice versa. This is especially effective if you are in a minority in the country you are using the passport, as the "they all look alike" effect will carry you very far. For extra measure you can practice forging their signature.

    Yes, it's a less effective exploit, but one that is a lot harder to guard against. Even if you put more biometric data in the passport like fingerprints, retinal scans or even DNA, the realities of passport processing lines make it unlikely you will be caught.

  8. Re:I'm confused by Sique · · Score: 2, Insightful

    Because passport data is supposed to be read by foreign authorities. Or would you vote for a big worldwide database containing all humans passport data, and accessible by every gouvernment of the world?

    --
    .sig: Sique *sigh*