German hackers clone RFID e-passports
Paul Miller|@futurepaul|August 3, 2006 3:30 PM
Oh snap. First the Dutch get their RFID e-passport system cracked, then VeriChip gets its "counterfeit proof" RFID implant copied by a pair of hackers in front of a live audience, and now some hackers in Germany have undermined some of the security behind the electronic passports that the United States and other countries are planning to implement this month. Lukas Grunwald did the honors this time, and says it took him about two weeks to figure out the hack, with most of his time spent reading the publicly available e-passport standards on the International Civil Aviation Organization's official website. Since all countries will be adhering to the ICAO's standard, his hack should work on other passports as well. Grunwald demonstrated for Wired the whole process of cloning a passport, and even proceeded to copy the data to a corporate smartcard, which when slipped between the normal RFID chip and the reader allows him to have a physical passport that differs from his RFID passport. All is not lost however, since most countries plan to have physical inspections to make sure everything matches up, and information cannot currently be modified on the passport -- but the security failures so far sure don't inspire a lot of confidence.