Forwarded from: rm (at) segfault.net

http://freeworld.thc.org/thc-epassport/

29th September 2008

THC/vonJeek proudly presents an ePassport emulator. This emulator applet allows you to create a backup of your own passport chip(s).

A video demonstrating the weakness is available at http://freeworld.thc.org/thc-epassport/

The government plans to use ePassports at Immigration and Border Control. The information is electronically read from the Passport and displayed to a Border Control Officer or used by an automated setup. THC has discovered weaknesses in the system to (by)pass the security checks. The detection of fake passport chips is no longer working. Test setups do not raise alerts when a modified chip is used. This enables an attacker to create a Passport with an altered Picture, Name, DoB, Nationality and other credentials.

This manipulated information is displayed without any alarms going off. The exploitation of this loophole is trivial and can be verified using thc-epassport.

Regardless of how good the intention of the government might have been, the facts are that tested implementations of the ePassports Inspection System are not secure.

ePassports give us a false sense of security: We are made to believe that they make us more secure. I'm afraid that's not true: current ePassport implementations don't add security at all.

Yours sincerely,

vonjeek [at] thc dot org
The Hackers Choice
http://www.thc.org

Received on Tue Sep 30 2008 - 01:18:52 PDT
This archive was generated by hypermail 2.2.0 : Tue Sep 30 2008 - 01:31:56 PDT