Buffer Overflow Found in RFID Passport Readers

Buffer Overflow Found in RFID Passport Readers 96

Posted by CowboyNeal on Saturday August 11, 2007 @10:20AM from the never-too-careful dept.

epee1221 writes "Wired ran a story describing Lukas Grunwald's Defcon talk on an attack on airport passport readers. After extracting data from the (read-only) chip in a legitimate passport, he placed a version of the data with an altered passport photo (JPEG2000 is used in these chips) into a writable chip. The altered photo created a buffer overflow in two RFID readers he tested, causing both to crash. Grunwald suggests that vendors are typically using off-the-shelf JPEG2000 libraries, which would make the vulnerability common."

Buffer Overflow Found in RFID Passport Readers

This discussion has been archived. No new comments can be posted.

Search 96 Comments Log In/Create an Account

Comments Filter:

Re:Explain to me how... (Score:2, Interesting)

by Anonymous Coward writes: on Saturday August 11, 2007 @01:05PM (#20196193)

I'm envisioning:
*passport is scanned*
*reader does something weird [because it's being hijacked by buffer overflow exploit code], gives error message*
*passport is re-scanned*
*reader says, "Joe C. Terrorist is OK. His name does not appear in no-fly list. SSN# 666-69-6969 is valid."*
-os

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Buffer Overflow Found in RFID Passport Readers 96

Buffer Overflow Found in RFID Passport Readers More Login

Buffer Overflow Found in RFID Passport Readers

Re:Explain to me how... (Score:2, Interesting)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot