Bruce Sterling

Arphid Watch: Amsterdam, arphids and Elvis

http://arstechnica.com/news.ars/post/20081002-rfid-passport-hack-has-scanners-seeing-visions-of-elvis

(((In a word, "huh?" and, in a bunch of words, I've already eaten way too much sleepytime Dutch bread with toasted cheese. The sleep of reason brings forth Elvis.)))

Link: RFID passport hack has scanner seeing visions of Elvis .

RFID passport hack has scanner seeing visions of Elvis

By John Timmer | Published: October 02, 2008 - 12:08PM CT

Back in August, a security researcher named Jeroen van Beek (((that blew my mind right there, but the worst is yet to come))) demonstrated a method for manipulating information in the RFID tags used in recent passports; more details of the process were discussed at the Black Hat conference held in Las Vegas that month. (((Dutch hackers plus Vegas. Don't even go there.)))

Now, a member of the group The Hacker's Choice (THC) (((look out for those Amsterdam "coffeeshops," dear reader))) has built on that knowledge to describe how anyone can use some free software and cheap hardware to manipulate the personal data on a passport RFID tag. The hack comes accompanied by a video showing a machine in Amsterdam's airport reading Elvis Presley's personal information off a hacked chip. (((Thank yuh... thank yuh... Mr Presley has left the secured building.))

Faking passport RFID chips for $120 (((Or, about 12 Dutch euros by Christmas)))

The process, as described by someone going with the handle VonJeek, (((who are these strange people, and why won't they leave those tiny American passport chips alone))) is pretty straightforward. Software that emulates passport RFID behavior, apparently written by van Beek, is uploaded onto a blank card. Using a free Python application, an existing passport's chip is read and the data transferred to the emulator. In the process, the bits that call for active verification of the encoded information can be shut off, limiting the verification process when the card is read in the future. Instructions for modifying the information prior to uploading it are also provided.

The instructions come with a video of the hacked card in action at the Amsterdam airport. At a self-service boarding pass machine, the hacker slipped the modified RFID card into his passport, and placed it in a scanning device. Up popped Elvis on the screen.

(((After this, it gets worse, if possible... " a single point of failure that could compromise every RFID-based password out there..." Has Sarah Palin been briefed?)))