In association with heise online

02 August 2007, 13:44

Scan me and I'll get you!

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

RFID security expert Lukas Grunwald now wants to claim for electronic passports what Andrew Tanenbaum demonstrated about a year ago with his RFID virus for Oracle software. Grunwald has used a cloned RFID chip and a modified JPG image similar to the ones embedded in an e-passport to crash the software that supports several RFID readers. According to Wired magazine, Grunwald suggests that an easily triggered buffer overflow may also allow injection and execution of malicious code. However, so far he hasn't managed to achieve this. The results of his research are to be discussed in his lecture "First We Break Your Tag, Then We Break Your Systems" at the DefCon hacker conference in Las Vegas.

If it were possible to execute malicious code on the reader, the information offered by the chip could also be manipulated, for example to give an immigration official the on-screen impression of a valid passport even though the passport is actually invalid. Grunwald doesn't want to name the affected RFID readers but says that they are in use at several airports. He believes it likely that other vendors' products contain the same vulnerability since they probably use the same (vulnerable) software for JPEG2000 image processing as the readers he tested.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit