Buffer Overflow Found in RFID Passport Readers 96
epee1221 writes "Wired ran a story describing Lukas Grunwald's Defcon talk on an attack on airport passport readers. After extracting data from the (read-only) chip in a legitimate passport, he placed a version of the data with an altered passport photo (JPEG2000 is used in these chips) into a writable chip. The altered photo created a buffer overflow in two RFID readers he tested, causing both to crash. Grunwald suggests that vendors are typically using off-the-shelf JPEG2000 libraries, which would make the vulnerability common."
Re:Explain to me how... (Score:2, Interesting)
*passport is scanned*
*reader does something weird [because it's being hijacked by buffer overflow exploit code], gives error message*
*passport is re-scanned*
*reader says, "Joe C. Terrorist is OK. His name does not appear in no-fly list. SSN# 666-69-6969 is valid."*
-os