On Thursday, Grunwald, chief technology officer at DN Systems Enterprise Internet Solutions GmbH of Germany, returned to Black Hat to demonstrate how data on the passports could be accessed, manipulated and copied.
A number of nations have begun issuing the e-Passports, but as Grunwald showed, access controls on many commonly used sophisticated chips leave something to be desired. Default encryption keys for one type of card are available on the Web with a little clever searching.
“We got a whole lot of keys,” Grunwald said. “It’s publicly available through a Google search.”
He said that a test of a number of cards using the chips showed that 75 percent used the default keys.
During his briefing, Grunwald used his German passport to demonstrate security weaknesses. He was able to read the card using commercially available hardware and software; copy the data to another chip, creating a clone passport; and replace the data on his own passport.
Author(s): William Jackson
Source: Government Computer News, 03.08.2006