E-passports can be falsified without any alerts going off, make your own : A secure democratic Net is a fundamental right

concours

contact me

Contact mailforlen

Syndicate this site (rss)

Syndicate this site (XML)

Get this by mail

Recent Posts

Categories

search belsec

translate this blog

Toolz, links, books

My pix albums

Archives

Copyright

You can republish and link parts of what you find (not the whole thing) to whatever you find here - except the comix that you have to ask me - as long as you don't ask money for it and attribute it with a link.Made For Adsense sites have no rights.

Disclaimer

This blog and all of its links and other projects are my personal projects that have nothing to do with my real job or with any other organisation. This means that any opinion published here is NOT an opinion of any employer or organisation I work with. THis is my personal space of democratic freedom of speech to stimulate an open debate and to fight effectively cybercrime and promote cybersecurity in all of its aspects. The fact that thousands of links are made available as 'Open Intelligence' does not mean that this author agrees with them or is responsable for the legality of them.

« never has there been so many viruses unlashed on the internet in august and september shows no sign of changing that trend | HomePage | ING online banking was open for creating any new account on the account of anyone »

09/30/2008

E-passports can be falsified without any alerts going off, make your own

"THC/vonJeek proudly presents an ePassport emulator. This emulator applet
allows you to create a backup of your own passport chip(s).

A video demonstrating the weakness is availabe at
http://freeworld.thc.org/thc-epassport/

The government plans to use ePassports at Immigration and Border Control. 
The information is electronically read from the Passport and displayed to a Border 
Control Officer or used by an automated setup. 
THC has discovered weaknesses in the system to (by)pass the security checks. 
The detection of fake passport chips is no longer working. 
Test setups do not raise alerts when a modified chip is used. 
This enables an attacker to create a Passport with an altered 
Picture, Name, DoB, Nationality and other credentials.

This manipulated information is displayed without any alarms going off.
The exploitation of this loophole is trivial and can be verified using thc-epassport."

comment
We knew this would happen.

The research to discover vulnerabilities - which obviously wasn't done
during the production phase has turned into research to manipulate these vulnerabilities. 
There is only one efficient control and that is human control and this is why border controls
should be human in the first place,

before entering (appliant case) during (control) and afterwards (analysis travels)

14:47 | Permalink | Comments (0) | Email this | | del.icio.us | | Digg! Digg | Facebook

Post a comment