Chip-based ID cards pose security risk at airports
According to German ARD's Kontraste (Contrasts) TV program, terrorists can remotely steal data that allows them to access restricted areas at several German airports. The German news agency, dpa, says a spokeswoman from Hamburg airport has denied the report. She said that while hackers of the Chaos Computer Club (CCC) did crack the chip's on staff ID cards, that doesn't automatically give access to security areas – although the report by Kontraste painted a somewhat different picture. Furthermore, the airport has apparently already solved the problem: "But we won't say how we did it, of course."
According to the report, hackers of the Chaos Computer Club in Berlin used "relatively simple means" to crack the RFID-based LEGIC Prime chip card system. They reportedly developed a device which secretly reads the ID cards and stores the data of airport employees. CCC member Karsten Nohl told the TV researchers: "The system is easy to crack. We were frankly shocked to find no obstacles to overcome whatsoever." According to the report, the ID card system is used at airports in Hamburg, Berlin-Tegel, Stuttgart, Dresden and Hanover.
Having previously cracked the encryption on NXP's "Mifare Classic" smart cards, Nohl and Henryk Plötz also demonstrated how to analyse and clone the Swiss vendor LEGIC's "Prime" range of RFID cards at the 26th Chaos Communication Congress (26C3). As Nohl explained in December "We can emulate the reading device, modify commands and ultimately emulate any of the cards". The hacker recommended that major LEGIC customers who issue Prime-based RFID cards immediately migrate at least to the more recent "LEGIC Advant" product line. The Prime range was introduced in 1992.
"Kontraste" illustrated the use of LEGIC Prime at German airports and At Hamburg airport, the hackers even managed to access the runway without being stopped. According to the airport's spokeswoman, employees first need to show their ID and chip card and then pass a security checkpoint. However, during the investigations by Kontraste, it was sometimes enough to hold an ID card up to a door-mounted reading device to gain access to restricted airport areas without any further checks. According to the spokeswoman, the cards contain personal data as well as information such as cafeteria credits. The Swiss chip card vendor had reportedly informed the airport of the card hack last year. The spokeswoman said "We've had no incidents".
A spokesperson from the German Ministry of the Interior told the TV researchers: "We have asked the airport operators to review their security checking systems". Rainer Wendt, the chairman of the German police union, has demanded that airports immediately replace their cracked security systems with a state-of-the-art alternative. "Security operations should immediately be placed under the strict control of the German federal police to ensure that airport operators don't continue with their lax security practices".
- Datenklau per Funk – Sicherheitsrisiko an deutschen Flughäfen, German language report from Kontraste.
- 26C3: Nothing to crack in "Legic Prime" RFID chip cards security system