Hackers clone Elvis's passport
By Matthew Sparkes
Posted on 1 Oct 2008 at 11:37
Hackers have released source code that allows the "backup" of RFID-protected passports, although the tool can potentially be used to create fake or cloned documents.
The Hacker's Choice, a non-commercial group of computer security experts, has released a video showing a cloned passport being approved by a security scanner at a Dutch airport. When the reader scans the passport it is revealed to belong to one Elvis Aaron Presley, complete with picture.
A blog post on the site explains that the "attack makes it possible to copy, forge and modify the data so that it is still accepted as a genuine valid passport by the terminal."
However, the scanner is not the same type used at actual border controls, so it is unclear whether this tool could actually be used to fool passport control security checks.
Strangely, for a group of computer experts, their proposed solution to the vulnerability is to avoid computers altogether.
"We know that humans are good at border control. In the end they protected us well for the last 120 years. We also know that humans are good at pattern matching and image recognition. Humans also do an excellent job 'assessing' the person and not just the passport. Take the human part away and passport security falls apart," says the blog post, signed off from The Ministry Of Truth.
"Never let a computer do a job that can be done by a human."
This is not the first time that the security of RFID passports has been called into question. As early as 2006 researchers at the Black Hat conference demonstrated RFID chip cloning.
Last year it was revealed that RFID chips only have a two year warranty, despite being issued in documents designed to last for ten years. The Government has nevertheless said that it is "very confident" that the chips will last for five times their warranty period.
Other RFID-based systems have also come under attack, such as the Oyster card system used on the London Underground. Dutch hackers were able to alter the information stored on the card in order to gain a day's free travel.
Top 5 stories on PC Pro
2. Men prefer net to wife and kids
3. Online bank fraud soars in the UK
From around the web
advertisement
- How to install Internet Explorer 9
- Maintaining and supporting IE9
- Plan your deployment
- Creating a custom browser package
- Search in corporate environments
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Amazon Kindle Fire review: first look
- Lytro light-field camera: first look
- CES: Why booth babes are bad marketing
- How to make Google AdWords work for your business
- The curse of sloppily written software
- Paying for your crimes with Bitcoin
- Behind the scenes: tech support for Formula 1
- The security risk of fat fingers
- Why Windows Phone 7 isn't quite ready for business
- When will Microsoft stop fiddling with Windows 8?
- Flash down the pan?
- Metro Style apps vs desktop applications
- Coping with Facebook changes
advertisement
Printed from www.pcpro.co.uk