Similarly, these threats have also revealed the weaknesses of placing blind trust in biometric technologies. In fact, biometric technologies without proper security safeguards would prove a nightmare for India.
Lukas Grunwald, a radio frequency ID (RFID) expert and a German security researcher, demonstrated last year that he could clone the computer chip in an e-passport. Now he has revealed additional vulnerabilities in the design of the new documents and the inspection systems used to read them.
Grunwald, who has also served as an e-passport consultant to the German parliament, says the security flaws allow someone to seize and clone the fingerprint image stored on the biometric e-passport, and to create a specially coded chip that attacks e-passport readers that attempt to scan it.
Grunwald says he has succeeded in sabotaging two passport readers made by different vendors by cloning a passport chip, then modifying the JPEG2000 image file containing the passport photo. Reading the modified image crashed the readers, which suggests they could be vulnerable to a code-injection exploit that might, for example, reprogram a reader to approve expired or forged passports.
“If you’re able to crash something you are most likely able to exploit it,” says Grunwald. E-passports contain RFID chips that are supposed to help thwart document forgery and speed processing of travelers at U.S. entry points. The United States led the charge for global e-passports because authorities said the chip, which is digitally signed by each issuing country, would help distinguish official documents from forged ones.
But Grunwald demonstrated last year how he could extract the data on a passport chip, which is read-only, and clone it to a read-write chip that appears the same to an e-passport reader.
Now Grunwald says he was able to add data to the cloned chip that would allow someone to attack the passport reader. He conducted the attack by embedding a buffer-overrun exploit inside the JPEG2000 file on the cloned chip that contains the passport photo.
Buffer-overrun vulnerabilities occur when coding errors in software allow an attacker to overflow a section of memory dedicated to storing a fixed amount of data. Carefully exploited, they often permit the hacker to execute his own instructions on the vulnerable computer, essentially taking over the device — though Grunwald has not attempted that level of compromise on e-passport readers.
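The buffer-overrun pattern described above, as an added C example that is not from the article or from Grunwald's work: a toy reader routine that trusts a length field read from the chip, beside a hardened version that validates the length before copying. The record layout, function names and sample records are constructed assumptions, not the real e-passport encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy record: 2-byte big-endian declared length, then payload.
 * Illustration only; this is not the real e-passport data encoding. */
#define PHOTO_BUF_SIZE 64

/* Vulnerable pattern (for contrast): trusts the declared length read from
 * the chip and copies that many bytes into a fixed-size buffer, so a length
 * larger than the buffer overruns it. Not exercised below. */
int parse_photo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *photo)
{
    if (rec_len < 2) return -1;
    size_t declared = ((size_t)rec[0] << 8) | rec[1];
    memcpy(photo, rec + 2, declared);   /* BUG: no bound against buffer or record */
    return (int)declared;
}

/* Hardened version: the declared length is checked against both the
 * destination capacity and the bytes actually present before any copy. */
int parse_photo_checked(const uint8_t *rec, size_t rec_len,
                        uint8_t *photo, size_t photo_cap)
{
    if (rec == NULL || photo == NULL || rec_len < 2) return -1;
    size_t declared = ((size_t)rec[0] << 8) | rec[1];
    if (declared > photo_cap)   return -2;  /* would overflow destination */
    if (declared > rec_len - 2) return -3;  /* would read past the record */
    memcpy(photo, rec + 2, declared);
    return (int)declared;
}

/* Constructed sample records (hypothetical chip contents). */
static const uint8_t rec_ok[]        = {0x00, 0x04, 'A', 'B', 'C', 'D'};
static const uint8_t rec_oversized[] = {0xFF, 0xFF, 'A', 'B', 'C', 'D'}; /* claims 65535 bytes */
static const uint8_t rec_truncated[] = {0x00, 0x10, 'A', 'B'};           /* claims 16, has 2 */

/* Runs the hardened parser on one sample: 0 = ok, 1 = oversized, 2 = truncated. */
int parse_sample(int which)
{
    uint8_t photo[PHOTO_BUF_SIZE];
    switch (which) {
    case 0: return parse_photo_checked(rec_ok, sizeof rec_ok, photo, sizeof photo);
    case 1: return parse_photo_checked(rec_oversized, sizeof rec_oversized, photo, sizeof photo);
    case 2: return parse_photo_checked(rec_truncated, sizeof rec_truncated, photo, sizeof photo);
    default: return -1;
    }
}
```

The checked parser rejects the oversized and truncated records instead of copying past the buffer, which is the defect class a fuzzed image file on a cloned chip would hit in an unchecked reader.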
He won’t name the vendors that make the readers he crashed, but says the readers are currently in use at some airport entry points. He says there’s no reason to believe that readers made by other vendors would be any more secure.
The International Civil Aviation Organisation, the United Nations body that developed the standards for e-passports, opted to store travelers’ fingerprints as a digital photo. As a result, it’s possible to seize the image and use it to impersonate a passport holder by essentially hijacking their fingerprints. Japanese researchers several years ago demonstrated the ability to make false fingerprints using gelatin material that could be placed over a finger.
To access any data on the passport, the attacker would need to unlock it using a machine-readable code printed on the passport’s face. Additionally, the International Civil Aviation Organisation recommends that issuing countries protect biometric data on the e-passport with an optional feature known as Extended Access Control, which protects the biometric data on the chip by making readers obtain a digital certificate from the country that issued the passport before the equipment can access the information.
That certificate is only valid for a short period of time, but the chips contain no onboard clock to handle the digital certificate’s expiration, which makes them vulnerable as well, says Grunwald. “It’s a basic mistake,” he says.