Scan This Guy's E-Passport and Watch Your System Crash

Submitted by Bill St. Clair on Thu, 02 Aug 2007 10:46:13 GMT  <== Science/Technology ==> 

Kim Zetter at Wired - Lukas Grunwald, has crashed passport RFID reading equipment with a code-injecting photo JPEG. He thinks that a more subtle injection could do even better. Hehe. [wired]

Grunwald says he's succeeded in sabotaging two passport readers made by different vendors by cloning a passport chip, then modifying the JPEG2000 image file containing the passport photo. Reading the modified image crashed the readers, which suggests they could be vulnerable to a code-injection exploit that might, for example, reprogram a reader to approve expired or forged passports.

"If you're able to crash something you are most likely able to exploit it," says Grunwald, who's scheduled to discuss the vulnerabilities this weekend at the annual DefCon hacker conference in Las Vegas.

Add comment Edit post Add post