Saturday, March 10, 2007

Demonstration of HID card duplication stopped by legal threats


"The presentation would have described the technical foundations of RFID technology and demonstrated the security problems with contactless RFID, showing off a device capable of cloning HID cards, said the would-be presenter, Chris Paget, director of research and development for security firm IOActive. The device is similar to other RFID cloners and was built using $20 in parts bought on eBay, Paget said."

Tuesday, March 06, 2007

How to clone a biometric passport while it's still in the bag

Adam Laurie, owner of the website RFIDIOT.org, describes in a Register article how it is possible to clone a biometric passport while it is still in the bag.

In an investigation for the Daily Mail, security consultant Adam Laurie has demonstrated how a new UK biometric passport can be cloned without even being removed from its delivery envelope.

The Mail exploit draws on previous work by Laurie and others, and puts together vulnerabilities in the chip technology, and in the chip security and logistics systems used by the Identity & Passport Service.

The data in the chip is essentially a digital version of what is printed inside the passport itself. The printed data can be read if the passport is presented and opened, and the chip's security system attempts to duplicate this process. The chip data can be read wirelessly, but it is encrypted, with the key printed inside the passport. So in theory, although the chip can be read without the passport (or indeed the delivery envelope) being opened, the data is meaningless without the key.