Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] RFID enabled e-passport skimming proof of concept code

from [Adam Laurie] Network Security [Permanent Link]
Subject: [Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt)
Date: Fri, 27 Oct 2006 17:35:43 +0100 

The latest version of RFIDIOt, the open-source python library for RFID 
exploration/manipulation, contains code that implements the ICAO 9303 
standard for Machine Readable Travel Documents in the form of a test 
program called 'mrpkey.py'.

This program will exchange crypto keys with the passport and read and 
display the contents therein, including the facial image and the 
personal data printed in the passport.  Currently the data read is 
limited to the following objects:

     Data Group:  61 (EF.DG1 Data Recorded in MRZ)
     Data Group:  75 (EF.DG2 Encoded Identification Features - FACE)

Other Data Groups will be implemented as and when examples come to the 
author's attention.

The ICAO standard relies on a 'secret' key to protect the RFID chip from 
casual reading, which is derived from data printed inside the passport. 
However, this data is also potentially available by other means, so the 
key for a specific passport could be derived without physical access to 
the passport. The information required is as follows:

   The Passport number

   The Date Of Birth of the holder

   The Expiry Date of the Passport

   (Each of the fields also has a check digit which can be calculated by 
the software if not otherwise available).

The author has previously shown that this data can be obtained through 
other channels, such as poorly secured websites, as it is a subset of 
the data that is required by the US Homeland Security for Advance 
Passenger Information, and is therefore commonly collected by airlines 
and other associated organisations.

This article, from the UK national newspaper The Guardian, gives more 
details of one of the techniques used:

   http://www.guardian.co.uk/idcards/story/0,,1766266,00.html

Others have also highlighted the possibility of bruteforcing the keys, 
given that the components are largely predictable, giving a much smaller 
keyspace than might otherwise be supposed:

   http://www.riscure.com/2_news/passport.html

The demonstration code (RFIDIOt.py version 0.1g) can be found here:

   http://rfidiot.org

The ICAO 9303 standard documents can be found here:

   http://www.icao.int/mrtd/publications/doc.cfm

Enjoy!
Adam
-- 
Adam Laurie                         Tel: +44 (0) 1304 814800
The Bunker Secure Hosting Ltd.      Fax: +44 (0) 1304 814899
Ash Radar Station                   http://www.thebunker.net
Marshborough Road
Sandwich                            mailto:adam@thebunker.net
Kent
CT13 0PL
UNITED KINGDOM                      PGP key on keyservers

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] [ MDKSA-2006:191 ] - Updated screen packages fix vulnerability, security
Next by Date:  Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006, Jerome Athias
Previous by Thread:  [Full-disclosure] [ MDKSA-2006:191 ] - Updated screen packages fix vulnerability, security
Next by Thread:  Re: [Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt), Michael Holstein
Indexes:  [Date] [Thread] [Top] [All Lists]