A German security programmer has demonstrated more flaws in the computer chips used in electronic passports. Last year Lukas Grunwald shocked many when he demonstrated how easily biometric passport chips can be cloned.
Now Grunwald says the security could feasibly be hacked so that the RFID readers in airports would allow expired or even forged passports through. He's been able to alter the data on the passport chips to the extent that they crashed RFID readers made by two different manufactures. Grunwald says that this vulnerability could be exploited to bypass the chip security altogether.
"If you're able to crash something you are most likely able to exploit it," he told Wired .
Electronic passport security flaws
The chips work by storing an encrypted JPEG2000 image of the passport holder. The RFID reader scans the chip, and compares the image to the holder's own face to make sure that the right person is using the passport.
But Grunwald has already demonstrated how he can hack into the chip and modify the image data. It is this that crashes the readers when they scan the chip.
He predicted that most of the vendors are using off-the-shelf software libraries for decoding the JPEG2000 images on passports. This means that a 'one hack fits all' approach would probably defeat any airport in the world.