Sunday, August 05, 2007

TecH: RFID Passports HACKED again! (2nd yr in row)

I've really gotta hand it to this overweight, German hacker (eats too much western junk food too!)

Lukas Grunwald, an RFID expert who has served as an e-passport consultant to the German parliament, says a security flaw with his German RFID-enabled passport can allow him to CRASH the passport reader.

In "Geekspeak",
The security flaws allow someone to seize and clone the fingerprint image stored on the biometric e-passport, and to create a specially coded chip that attacks e-passport readers that attempt to scan it.

Grunwald says he's succeeded in sabotaging two passport readers made by different vendors by cloning a passport chip, then modifying the JPEG2000 image file containing the passport photo. Reading the modified image crashed the readers, which suggests they could be vulnerable to a code-injection exploit that might, for example, reprogram a reader to approve expired or forged passports.

"If you're able to crash something you are most likely able to exploit it," says Grunwald, who's scheduled to discuss the vulnerabilities this weekend at the annual DefCon hacker conference in Las Vegas.

Last year at the BlackHat security conference he showed how he could extract the data on a read-only passport chip and clone it to a read-write chip that appears the same to an e-passport reader. Now Grunwald says he was able to add data to the cloned chip that would allow someone to attack the passport reader.

Buffer-overrun vulnerabilities occur when coding errors in software allow an attacker to overflow a section of memory dedicated to storing a fixed amount of data. Carefully exploited, they often permit the hacker to execute his own instructions on the vulnerable computer, essentially taking over the device.
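
As an added illustration (not code from this post or from Grunwald's work), here is the coding error described above in C, next to a checked version of the same routine. The record layout, function names and sample bytes are assumptions made up for the example; it does not model the real e-passport or JPEG2000 formats.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 16  /* fixed-size destination buffer in the reader */

/* Hypothetical record (an assumption, not the e-passport or JPEG2000
 * layout): 2-byte big-endian length N, then N payload bytes. */

/* Unsafe pattern: the copy size comes straight from untrusted data. */
int read_field_unsafe(const uint8_t *in, size_t in_len, uint8_t out[FIELD_MAX])
{
    (void)in_len;                            /* never consulted: the bug */
    size_t n = ((size_t)in[0] << 8) | in[1];
    memcpy(out, in + 2, n);                  /* overruns out if n > FIELD_MAX */
    return (int)n;
}

/* Hardened: the declared length must fit both the bytes actually read
 * and the destination; a bad record is rejected, not truncated. */
int read_field_checked(const uint8_t *in, size_t in_len,
                       uint8_t *out, size_t out_cap)
{
    if (in == NULL || out == NULL || in_len < 2)
        return -1;                           /* no room for the header */
    size_t n = ((size_t)in[0] << 8) | in[1];
    if (n > in_len - 2)
        return -2;                           /* claims more than was read */
    if (n > out_cap)
        return -3;                           /* would overflow destination */
    memcpy(out, in + 2, n);
    return (int)n;
}

/* Constructed sample inputs. */
static const uint8_t GOOD[]    = { 0x00, 0x03, 'A', 'B', 'C' };
static const uint8_t LYING[]   = { 0xFF, 0xFF, 'A', 'B', 'C' };
static const uint8_t TOO_BIG[] = { 0x00, 0x14, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
                                   11, 12, 13, 14, 15, 16, 17, 18, 19, 20 };

int main(void)
{
    uint8_t field[FIELD_MAX];
    printf("good:    %d\n", read_field_checked(GOOD, sizeof GOOD, field, sizeof field));
    printf("lying:   %d\n", read_field_checked(LYING, sizeof LYING, field, sizeof field));
    printf("too big: %d\n", read_field_checked(TOO_BIG, sizeof TOO_BIG, field, sizeof field));
    return 0;
}
```

A reader that rejects the malformed record with an error code, instead of copying whatever length the chip claims, fails closed rather than crashing.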

Now HERE's the scary part!
If a (rfid-passport) reader could be compromised using Grunwald's technique, it might be reprogrammed to misreport an expired passport as a valid one, or even -- theoretically -- to attempt a compromise of the Windows-based border-screening computer to which it is connected.

Or even worse, take over the computer and infect the network with a brand new, unknown virus.
Now it's time to be AFRAID.
Be REALLY afraid

Scenario one:
Al Qaeda:
A terrorist network hacker develops a new virus/worm (see the Morris worm) which will use the RFID reader to insert code allowing the terrorists into the country, and (say) 1/2 hour later take down the entire AIRPORT, then take down the internet (the MICROSQUISH internet, that is...) a section at a time.

Remember: "we presume that the terrorists have written a brand new, never-before-seen virus, so that ALL virus programs DON'T recognize it to stop it!"
SO EVERY single darn WINDOWS box in the WORLD gets infected, and taken down...

(Oh, and the terrorists are NOW in the country, but their information was also erased from the network before it was blown away.)

AUGH... I can't even continue to a use attacking the food supply...

BTW, I AM available for hire... for the right price!!!

1 comment:

Anonymous said...

Why do you think terrorists are that SMART? They don't use their brains to think up schemes like this -- only those kinds that involve lots of blood and gore.

Better to have 5,000 dead bodies blown up in one place than slowly kill a million people by poisoning their food or water.