Israeli scientist reveals security problems in US passports, smart cardsApril 16th, 2010 - 3:48 pm ICT by ANI
Washington, April 16 (ANI): An Israeli scientist has revealed security holes in America’s passports and “smart cards”.
Since 2007, every new U.S. passport comprises a computer chip.
Embedded in the back cover of the passport, the “e-passport” contains biometric data, electronic fingerprints and pictures of the holder, and a wireless radio frequency identification (RFID) transmitter.
While the system was designed to operate at close range, hackers were able to access it from afar.
But a study by Prof. Avishai Wool of Tel Aviv University’s School of Electrical Engineering ensured that the computer chip in American e-passports could be read only when the passport is opened.
The research has been cited by organizations including the Electronic Frontier Foundation.
Now, fresh research from Prof. Wool finds serious security drawbacks in similar chips that are being embedded in credit, debit and “smart” cards.
The vulnerabilities of this electronic approach - and the vulnerability of the private information contained in the chips - are becoming more acute.
Using simple devices constructed from 20dollar disposable cameras and copper cooking-gas pipes, Prof. Wool and his students Yossi Oren and Dvir Schirman have shown how easily the cards’ radio frequency (RF) signals can be disrupted.
Prof. Wool’s new study centres on the new “e-voting” technology being implemented in Israel.
Prof. Wool said: “We show how the Israeli government’s new system based on the RFID chip is a very risky approach for security reasons. It allows hackers who are not much more than amateurs to break the system.
“One way to catch hackers, criminals and terrorists is by thinking like one.”
In his lab, Prof. Wool constructed an attack mechanism - an RFID “zapper” - from a disposable camera.
Replacing the camera’s bulb with an RFID antenna, he showed how the EMP (electro-magnetic pulse) signal produced by the camera could destroy the data on nearby RFID chips such as ballots, credit cards or passports.
He said: “In a voting system, this would be the equivalent of burning ballots - but without the fire and smoke.”
Another attack involves jamming the radio frequencies that read the card.
Although the card’s transmissions are designed to be read by antennae no more than two feet distant, Prof. Wool and his students demonstrated how the transmissions can be jammed by a battery-powered transmitter 20 yards away.
This means that an attacker can disable an entire voting station from across the street. Similarly, a terror group could “jam” passport systems at U.S. border controls relatively easily, he suggests.
The most insidious type of attack is the “relay attack.”
In this scenario, the voting station assumes it is communicating with an RFID ballot near it - but it’s easy for a hacker or terrorist to make equipment that can trick it.
Such an attack can be used to transfer votes from party to party and nullify votes to undesired parties, Prof. Wool demonstrates.
A relay attack may also be used to allow a terrorist to cross a border using someone else’s e-passport.
Prof Wool said: “All the new technologies we have now seem really cool. But when anything like this first comes onto the market, it will be fraught with security holes.
“In America the Federal government poured a lot of money into e-voting, only to discover later that the deployed systems were vulnerable. Over the last few years we’ve seen a trend back towards systems with paper trails as a result.”
But there are some small steps that can be taken to make smart cards smarter, according to Prof. Wool.
The easiest one is to shield the card with something as simple as aluminium foil to insulate the e-transmission.
In the case of e-voting, a ballot box could be made of conductive materials.
Prof Wool’s work will be presented at the IEEE RFID conference in Orlando, FL, this month. (ANI)
- Expert picks out loopholes in US e-passports - Apr 16, 2010
- 'External affairs ministry's budget, staff insufficient' - May 08, 2012
- Poll panel, Gujarat government get notice on e-voting - Jul 07, 2010
- Vehicles to have prepaid chip for toll payments: Kamal Nath - Oct 27, 2010
- Gujarat High Court seeks details of EVM, e-voters - Oct 27, 2010
- Court dismisses plea on irregularities in electoral rolls - Feb 09, 2011
- Security flaws surface in UK e-passport scheme - Aug 06, 2008
- Devices to be powered out of thin air - Jul 11, 2011
- Beware - e-pick pockets could 'skim' your credit cards for money! - Dec 20, 2010
- 'New immigration law, online platform on the way' - Nov 25, 2011
- Punj Lloyd inks pact with Malaysia's Hopetech - Nov 29, 2010
- India's first RFID technology toll comes up near Chandigarh - Apr 19, 2012
- Notices to Gujarat government, poll panel on voters' list 'irregularities' - Aug 13, 2010
- Twitter blamed for Olympic cyclic coverage issues - Jul 30, 2012
- Pakistan police to launch FM radio - Jun 11, 2012
Tags: avishai wool, disposable cameras, dvir, electro magnetic pulse, electronic approach, electronic fingerprints, electronic frontier foundation, gas pipes, israeli scientist, pulse signal, radio frequency identification, radio frequency rf, rf signals, rfid antenna, security holes, smart cards, tel aviv university, u s passport, voting technology, wireless radio frequency