Hackers clone Elvis's passport
By Matthew Sparkes
Posted on 1 Oct 2008 at 11:37
Hackers have released source code that allows the "backup" of RFID-protected passports, although the tool can potentially be used to create fake or cloned documents.
The Hacker's Choice, a non-commercial group of computer security experts, has released a video showing a cloned passport being approved by a security scanner at a Dutch airport. When the reader scans the passport it is revealed to belong to one Elvis Aaron Presley, complete with picture.
A blog post on the site explains that the "attack makes it possible to copy, forge and modify the data so that it is still accepted as a genuine valid passport by the terminal."
However, the scanner is not the same type used at actual border controls, so it is unclear whether this tool could actually be used to fool passport control security checks.
Strangely, for a group of computer experts, their proposed solution to the vulnerability is to avoid computers altogether.
"We know that humans are good at border control. In the end they protected us well for the last 120 years. We also know that humans are good at pattern matching and image recognition. Humans also do an excellent job 'assessing' the person and not just the passport. Take the human part away and passport security falls apart," says the blog post, signed off from The Ministry Of Truth.
"Never let a computer do a job that can be done by a human."
This is not the first time that the security of RFID passports has been called into question. As early as 2006 researchers at the Black Hat conference demonstrated RFID chip cloning.
Last year it was revealed that RFID chips only have a two year warranty, despite being issued in documents designed to last for ten years. The Government has nevertheless said that it is "very confident" that the chips will last for five times their warranty period.
Other RFID-based systems have also come under attack, such as the Oyster card system used on the London Underground. Dutch hackers were able to alter the information stored on the card in order to gain a day's free travel.
Top 5 stories on PC Pro
2. Men prefer net to wife and kids
3. Online bank fraud soars in the UK
advertisement
- Is it worth upgrading a media centre to Windows 8?
- Flickr redesign: is it enough to tempt photographers back?
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- The ICO's shame-faced u-turn on cookies
- Start8 and ModernMix: making Windows 8 work on a desktop
- How to boost your mobile reception
- How to fix Facebook: Social Fixer
- Taking the stress out of WordPress updates
- Where to download free web fonts
- Turn your tablet into a Sky+ remote control
- How to measure the success of a new IT system
- Three years on: the state of the tablet market
- Windows 8: what works and what doesn't
advertisement
