Why do passports have RFID chips

Security expert demonstrates cloning of RFID passports

If you follow the statements of companies and authorities, the new electronic passports, in which data is stored on RFID chips, are secure. Obviously, this is not the case: After employees of a Dutch security company had already shown on television at the beginning of the year how the data transmitted between the ID document and the RFID reader can be intercepted and decrypted within a few hours, a German security expert is currently leading the "Black Did Briefings and Training USA 2006 "in Las Vegas, how the data stored on the RFID chips can be copied and read into another electronic identification document.

"The current ePassport architecture is a huge brain damage," says Lukas Grunwald in disgust in relation to the online magazine Wired News. "From my point of view, RFID passports are a huge waste of money because they do not increase security in any way," explains the managing director of Hildesheimer DN-Systems, a consulting company specializing in IT security products and services. According to Grunwald, it only took two weeks to find out how the electronic data of an RFID passport could be read out, cloned and transferred to another chip - including smart cards, which could then be used for access authorizations.

In his research, Grunwald mainly used official documents from the international aviation authority ICAO, in which the system standards for ePassports are described. As a reading and writing device, the security expert uses an officially approved RFID reader from the German ACG Identification Technologies for border controls. The software used is the "Golden Reader Tool" (GRT), which meets the requirements of the ICAO. After Grunwald has read the data from an RFID passport using this hardware and software, he first burns the ICAO layout onto a new RFID tag so that the basic structure of the chip meets the official requirements. In the next step, the chip is fed with the copied data using the RFDump program developed in-house.

According to Grunwald, such a document is obtained that electronic passport readers cannot distinguish from the original. Only changes to the data (such as name or date of birth) are noticeable, as these are additionally secured via crypto keys. Criminals could, however, use passports manipulated in this way to circumvent electronic search inquiries about themselves at automated border controls. The interference would be noticed, however, if a border official compares the photo and the printed passport data with the digital data stored on the chip. Last but not least, the aim of the introduction of electronic passports is to significantly reduce the number of personnel required for controls in border traffic in the future. (pmz)

Read comments (335) Go to homepage
Ad ad