AOH :: HP Unsorted R :: B06-5454.HTM

RFID enabled e-passport skimming proof of concept code released (RFIDIOt)



RFID enabled e-passport skimming proof of concept code released (RFIDIOt)
RFID enabled e-passport skimming proof of concept code released (RFIDIOt)




The latest version of RFIDIOt, the open-source python library for RFID 
exploration/manipulation, contains code that implements the ICAO 9303 
standard for Machine Readable Travel Documents in the form of a test 
program called 'mrpkey.py'.

This program will exchange crypto keys with the passport and read and 
display the contents therein, including the facial image and the 
personal data printed in the passport.  Currently the data read is 
limited to the following objects:

     Data Group:  61 (EF.DG1 Data Recorded in MRZ)
     Data Group:  75 (EF.DG2 Encoded Identification Features - FACE)

Other Data Groups will be implemented as and when examples come to the 
author's attention.

The ICAO standard relies on a 'secret' key to protect the RFID chip from 
casual reading, which is derived from data printed inside the passport. 
However, this data is also potentially available by other means, so the 
key for a specific passport could be derived without physical access to 
the passport. The information required is as follows:

   The Passport number

   The Date Of Birth of the holder

   The Expiry Date of the Passport

   (Each of the fields also has a check digit which can be calculated by 
the software if not otherwise available).

The author has previously shown that this data can be obtained through 
other channels, such as poorly secured websites, as it is a subset of 
the data that is required by the US Homeland Security for Advance 
Passenger Information, and is therefore commonly collected by airlines 
and other associated organisations.

This article, from the UK national newspaper The Guardian, gives more 
details of one of the techniques used:

http://www.guardian.co.uk/idcards/story/0,,1766266,00.html 

Others have also highlighted the possibility of bruteforcing the keys, 
given that the components are largely predictable, giving a much smaller 
keyspace than might otherwise be supposed:

http://www.riscure.com/2_news/passport.html 

The demonstration code (RFIDIOt.py version 0.1g) can be found here:

http://rfidiot.org 

The ICAO 9303 standard documents can be found here:

http://www.icao.int/mrtd/publications/doc.cfm 

Enjoy!
Adam
-- 
Adam Laurie                         Tel: +44 (0) 1304 814800
The Bunker Secure Hosting Ltd.      Fax: +44 (0) 1304 814899
Ash Radar Station http://www.thebunker.net 
Marshborough Road
Sandwich mailto:adam@thebunker.net 
Kent
CT13 0PL
UNITED KINGDOM                      PGP key on keyservers

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.