Hackers Clone Elvis' Passport

← Back to Stories (view on slashdot.org)

Hackers Clone Elvis' Passport

Posted by samzenpus on Wednesday October 1, 2008 @09:30PM from the don't-mess-with-the-king dept.

Barence writes "Hackers have released source code that allows the 'backup' of RFID-protected passports, although the tool can potentially be used to create fake or cloned documents. The Hacker's Choice, a non-commercial group of computer security experts, has released a video showing a cloned passport being approved by a security scanner at a Dutch airport. When the reader scans the passport, it is revealed to belong to one Elvis Aaron Presley, complete with picture. Reports of the hackers serenading security staff with 'Are You Clonesome Tonight' are unconfirmed."

5 of 164 comments (clear)

Min score:

Reason:

Sort:

Bad title by L4t3r4lu5 · 2008-10-01 22:27 · Score: 4, Insightful

You can't clone Elvis' passport; They didn't have access to the original.

They created a passport with fake details which matched the identity of another person. Nothing was cloned. I bet it wasn't even his passport picture, but a stock photo from the web.

--
Finally had enough. Come see us over at https://soylentnews.org/
1. Re:Bad title by wvmarle · 2008-10-02 01:20 · Score: 4, Insightful
  
  Which, from the face of it, makes the feat even more impressive. Cloning means "simply" reading the data from one passport, and copying it onto another. It is not necessary to decrypt this data, as long as the chip is tricked into releasing it.
  Instead, they created a completely new data set, put this on the chip, and programmed the chip so it correctly answers to the challenge posed by the reader.
  Now the idea of having the data encrypted in the passport chip may be wishful thinking of course... I would expect it is encrypted, if not then it's of course one step less for these hackers. At the very least I would expect some cryptographic checksum, based on some secret key or so, to verify that the passport (i.e. the data on the chip) has been government issued.
  No matter what, a neat hack, and scary that it is possible in the first place.
Never let a computer do a job that can be done by by HungryHobo · 2008-10-01 23:00 · Score: 4, Insightful

"Never let a computer do a job that can be done by a human."
I just can't agree with this.
People can be fooled easily enough and the more that's automated properly the better. A human(well thousands of them) *could* do all the interest calculations at your bank but it would be stupid to do it that way.
There are loads of jobs out there which are better done by machines.
Re:That's not a security console... by Ren+Hoak · 2008-10-01 23:28 · Score: 5, Insightful

It does not prove that security in those things is broken.
Ok, so by your words, being able to create a document that contains blatantly false information, and successfully using that document to bypass security doesn't prove that "security in those things is broken". What, pray tell, would be required beyond this to demonstrate that security is broken? Because, you see, in my simple view of things, if you are "Bob" and security is on the lookout for "Bob", and you show them a modified password claiming that you're "Neil", and security lets you through because as far as they can tell you aren't "Bob", security has been compromised. When security is based on human inspection of said passport, clearly it's subject to human error. When security is electronically based, such as the case with RFID, all but the most basic of human interaction should be removed from the "is this a real passport?" equation.
Re:Be careful... by Incadenza · 2008-10-01 23:47 · Score: 5, Insightful

In the Netherlands passports are state property to. If your passport gets lost, you have to pay for a replacement (obviously) *plus* you get fined for losing government property!