Slashdot Mirror

← Back to Stories (view on slashdot.org)

Airport Access IDs Hacked In Germany

Posted by timothy on from the wilkommen-sie-herr-aktentasche dept.

teqo writes "Hackers belonging to the Chaos Computer Club have allegedly cloned digital security ID cards for some German airports successfully which then allowed them access to all airport areas. According to the Spiegel Online article (transgoogleation here), they used a 200 Euro RFID reader to scan a valid security ID card, and since the scanner was able to pretend to be that card, used it to forge that valid ID. Even the airport authorities say that the involved system from 1992 might be outdated, but I guess it might be deployed elsewhere anyway."

6 of 102 comments (clear)

  1. Re:Really by Shadow_139 · · Score: 5, Informative

    The kit used, a Proxmark 3 cost ~$470 before P&P but they were been sold at 26c3 for 200 cash-in-hand.

    Sounds like somebody who was at the conference has an hour or two to kill in the airport and decided to play with their new toy.....

    And to anybody saying you could not get it past security, I got my Netbook, Proxmark3, SIM simulator, a few FON and a big of random USB,wireless & BT dongles past them it no issues {except some of the stuff was removed from my carry-on bay and was double x-rays}.

  2. RFID by AlexiaDeath · · Score: 3, Informative

    Last I looked it was 24 bits of binary data and that's it. Even simple number collisions are likely to occur if a facility does not watch out with card orders. With 1992 in the market date, I doubt its much more than that. It has no place securing anything important.

  3. Re:Terrorrism by MichaelSmith · · Score: 3, Informative

    I have some direct experience of airport security. While it varies a lot from place to place it never relies entirely on RFID.

    --
    http://michaelsmith.id.au
  4. Link to the complete (english) talk at 26C3 by gmthor · · Score: 3, Informative

    If you want to know the insights http://media.ccc.de/browse/congress/2009/26c3-3709-en-legic_prime_obscurity_in_depth.html

    --
    How do I uncompress my MD5 archive?
  5. Re:Really by Anonymous Coward · · Score: 4, Informative

    Sounds like somebody who was at the conference has an hour or two to kill in the airport and decided to play with their new toy.....

    The guy who did it is Karsten Nohl, the same guy who deciphered GSM encryption lately. He also reverse engineered the "secret" MIFARE Classic cipher some time ago.

  6. Re:Terrorrism by Anonymous Coward · · Score: 3, Informative

    the large quantity of firearms-trained police officers on site

    who are in the areas where the public are, you fsckin' moron, not behind the wire in the secure areas. Please engage your brain before touching the keyboard next time you revive.