Biometric passport security under fire again

Forged chips can trick RFID readers and crash them too

A German security programmer has demonstrated more flaws in the computer chips used in electronic passports. Last year Lukas Grunwald shocked many when he demonstrated how easily biometric passport chips can be cloned.

Now Grunwald says the security could feasibly be hacked so that the RFID readers in airports would allow expired or even forged passports through. He's been able to alter the data on the passport chips to the extent that they crashed RFID readers made by two different manufactures. Grunwald says that this vulnerability could be exploited to bypass the chip security altogether.

"If you're able to crash something you are most likely able to exploit it," he told Wired .

Electronic passport security flaws

The chips work by storing an encrypted JPEG2000 image of the passport holder. The RFID reader scans the chip, and compares the image to the holder's own face to make sure that the right person is using the passport.

But Grunwald has already demonstrated how he can hack into the chip and modify the image data. It is this that crashes the readers when they scan the chip.

He predicted that most of the vendors are using off-the-shelf software libraries for decoding the JPEG2000 images on passports. This means that a 'one hack fits all' approach would probably defeat any airport in the world.

ABOUT THE AUTHOR

Reviews Editor

James (Twitter, ) oversees the reviews we publish on the site and also edits the TV, AV, Gaming, Car Tech and Gadgets channels. He's been in the field for 13 years, and travels all over the world to attend tech shows, product launches and cult gatherings. James' opinions have been inflicted on audiences of BBC TV, Radio 5 Live, The Guardian, local radio and various magazines and he's a grizzled veteran of most tech shows but will never again to return to CeBIT (no means no).