Network Security: Detailed info on Re: [Full-disclosure] RFID enabled e-passport skimming proof of concept

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-disclosure] RFID enabled e-passport skimming proof of concept

from [Michael Holstein] Network Security

[Permanent Link]

Subject:	Re: [Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt)
Date:	Mon, 30 Oct 2006 10:10:26 -0500

That article focuses on Dutch passports, but in the US it's essentially 
the same.

   The Passport number


a 10 digit number (I don't know where they start, but it certainly 
wasn't 0000000001).

   The Date Of Birth of the holder


about 32,000 possibilities (assuming < 90yrs old)

   The Expiry Date of the Passport


Passports are vaild for 10 years (for an adult in the US), and 
expiration is just MM/YYYY .. so that's only 120 possibilities.

A very small dictionary for "brute force" indeed, and I'd be happy to 
code such a routine.

Does anyone know if the chips in the latest passports (USA issue) 
prevent this sort of thing, or can you try keys as fast as the RF 
interface will permit?

Cheers,

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt), Adam Laurie Re: [Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt), Michael Holstein <= Re: [Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt), Adam Laurie Re: [Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt), Adam Laurie Re: [Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt), Valdis . Kletnieks Re: [Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt), Michael Holstein

Previous by Date:	[Full-disclosure] Firefox <= 2.0 crash, Carlos Barros
Next by Date:	Re: [Full-disclosure] Enron Mail archive..... oops, Randal T. Rioux
Previous by Thread:	[Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt), Adam Laurie
Next by Thread:	Re: [Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt), Adam Laurie
Indexes:	[Date] [Thread] [Top] [All Lists]