Buffer Overflow Found in RFID Passport Readers 96
epee1221 writes "Wired ran a story describing Lukas Grunwald's Defcon talk on an attack on airport passport readers. After extracting data from the (read-only) chip in a legitimate passport, he placed a version of the data with an altered passport photo (JPEG2000 is used in these chips) into a writable chip. The altered photo created a buffer overflow in two RFID readers he tested, causing both to crash. Grunwald suggests that vendors are typically using off-the-shelf JPEG2000 libraries, which would make the vulnerability common."
Of course they are vulnerable (Score:3, Insightful)
The only thing the manufacturers of these systems can do is thoroughly test their software, and make the attack possibilities as small as possible. For instance, they should check the signature under the data before passing the data on to the next layers. Of course, for this you need the certificate of the issuing state. You should also test if the underlying libraries that do this initial check are not vulnerable.
Honestly... (Score:2, Insightful)
#1: the guard will humanly read your inside cover photo with extra vigilance...the chip is not the only method of ID
#2: you'll probably be detained for a bit while they re-test your passport; if it fails again, they'll tell you to get a new passport
(#2a: or be placed on a no-fly list, because you're a terrorist)
Plus, how exactly would a code-injection exploit work unless it's something like the GDI+ vulnerability that occurred with WMF files? (If a rogue guard is injecting evil code into the machine, the government had waaay more scary problems ahead than with some 'sploiting a passport reader).
All that being said, there are some things (i.e. voting machines) that just should not be electronic-ized, and I feel this is one of them.
Other than "it'll get you through faster!!", what is the point of using chips when, more than likely, the passport clerk has to humanly-read it to verify the info anyway? Especially considering that the particular RFID chip technology used in the passport is going to be obsolete or cracked in 3 years, and most passports don't expire for five or ten years?
Re:Explain to me how... (Score:5, Insightful)
Passport is scanned
Reader goes casters up
Reader is power cycled
Passport is scanned again
Reader goes casters up
Security Goon say "Shit, that's wierd. But the paper passport looks fine. Go on through."
Owner of said passport traipses past security, making the E-passport no better than a regular one.
Re:Explain to me how... (Score:5, Insightful)
Hacker crafts jpeg with exploit code
Passport is scanned
Exploit code is injected
Reader silently executes exploit code
Reader continues operation with nobody any the wiser
A compromised reader lets you bypass the biometrics.
Re:Explain to me how... (Score:3, Insightful)
It might be possible for an attacker to exploit the buffer overflow in order to cause the reader to execute software chosen by the attacker. For example, the attacker might insert code that recognizes his forged passport as valid, or that recognizes somebody else's passport (who may have flew in on the same flight) as invalid.
Lost faith on RFID security long ago? (Score:3, Insightful)
Re:"..the Windows-based border-screening computer. (Score:1, Insightful)
Cambridge Researcher Breaks OpenBSD Systrace:
http://it.slashdot.org/it/07/08/09/138224.shtml [slashdot.org]
Nothing's "completely invulnerable"...
Re:This is the reason closed source is good (Score:2, Insightful)
the usual (Score:2, Insightful)
There is no reason why any modern programming language should permit accidental buffer overflows; they are easily preventable without pushing the burden onto the programmer even in programming languages with the same power as C and C++.
Re:the usual (Score:4, Insightful)
Now if you're saying that there's no need to develop the vast majority of today's computer software in assembly, C, or C++, then I agree with you wholeheartedly -- but we're not talking about a computer, we're talking about an RFID reader. You know, a small device that doesn't have the latest gaming processor from AMD and Intel and 2 gigs of RAM. It has enough memory for what it needs to do and that's it; and, to be low power, it has a small, simple embedded processor.
You can't run a JVM on this thing, and even if you wanted to, it would be a bad idea.