Featured Research

from universities, journals, and other organizations

Safer swiping while voting and globetrotting: Security expert finds security holes in passports and 'smart cards'

Date:
April 25, 2010
Source:
American Friends of Tel Aviv University
Summary:
A new study finds serious security drawbacks in chips embedded in credit, debit and "smart" cards.

A home-made, extended-range RFID antenna made from cooking gas copper pipes in Prof. Wool's lab.
Credit: Image courtesy of American Friends of Tel Aviv University

Since 2007, every new U.S. passport has been outfitted with a computer chip. Embedded in the back cover of the passport, the "e-passport" contains biometric data, electronic fingerprints and pictures of the holder, and a wireless radio frequency identification (RFID) transmitter.

Although the system was designed to operate at close range, hackers were able to access it from afar -- until research by Prof. Avishai Wool of Tel Aviv University's School of Electrical Engineering helped ensure that the computer chip in American e-passports could be read only when the passport is opened. The research has been cited by organizations including the Electronic Frontier Foundation.

Now, a new study from Prof. Wool finds serious security drawbacks in similar chips that are being embedded in credit, debit and "smart" cards. The vulnerabilities of this electronic approach -- and the vulnerability of the private information contained in the chips -- are becoming more acute. Using simple devices constructed from $20 disposable cameras and copper cooking-gas pipes, Prof. Wool and his students Yossi Oren and Dvir Schirman have demonstrated how easily the cards' radio frequency (RF) signals can be disrupted. The work will be presented at the IEEE RFID conference in Orlando, FL, this month.

More than one way to hack a chip

Prof. Wool's most recent research centers on the new "e-voting" technology being implemented in Israel. "We show how the Israeli government's new system based on the RFID chip is a very risky approach for security reasons. It allows hackers who are not much more than amateurs to break the system," Prof. Wool explains. "One way to catch hackers, criminals and terrorists is by thinking like one."

In his lab, Prof. Wool constructed an attack mechanism -- an RFID "zapper" -- from a disposable camera. Replacing the camera's bulb with an RFID antenna, he showed how the EMP (electro-magnetic pulse) signal produced by the camera could destroy the data on nearby RFID chips such as ballots, credit cards or passports. "In a voting system, this would be the equivalent of burning ballots -- but without the fire and smoke," he says.

Another attack involves jamming the radio frequencies that read the card. Though the card's transmissions are designed to be read by antennae no more than two feet distant, Prof. Wool and his students demonstrated how the transmissions can be jammed by a battery-powered transmitter 20 yards away. This means that an attacker can disable an entire voting station from across the street. Similarly, a terror group could "jam" passport systems at U.S. border controls relatively easily, he suggests.

The most insidious type of attack is the "relay attack." In this scenario, the voting station assumes it is communicating with an RFID ballot near it &#mdash; but it's easy for a hacker or terrorist to make equipment that can trick it. Such an attack can be used to transfer votes from party to party and nullify votes to undesired parties, Prof. Wool demonstrates. A relay attack may also be used to allow a terrorist to cross a border using someone else's e-passport.

How to make "smart cards" smarter

"All the new technologies we have now seem really cool. But when anything like this first comes onto the market, it will be fraught with security holes," Prof. Wool warns. "In America the Federal government poured a lot of money into e-voting, only to discover later that the deployed systems were vulnerable. Over the last few years we've seen a trend back towards systems with paper trails as a result."

But there are some small steps that can be taken to make smart cards smarter, says Prof. Wool. The easiest one is to shield the card with something as simple as aluminium foil to insulate the e-transmission. In the case of e-voting, a ballot box could be made of conductive materials. The State Department has already taken Prof. Wool's advice: since 2007, they've also added conductive fibres to the back of every American passport.


Story Source:

The above story is based on materials provided by American Friends of Tel Aviv University. Note: Materials may be edited for content and length.


Cite This Page:

American Friends of Tel Aviv University. "Safer swiping while voting and globetrotting: Security expert finds security holes in passports and 'smart cards'." ScienceDaily. ScienceDaily, 25 April 2010. <www.sciencedaily.com/releases/2010/04/100415160141.htm>.
American Friends of Tel Aviv University. (2010, April 25). Safer swiping while voting and globetrotting: Security expert finds security holes in passports and 'smart cards'. ScienceDaily. Retrieved September 1, 2014 from www.sciencedaily.com/releases/2010/04/100415160141.htm
American Friends of Tel Aviv University. "Safer swiping while voting and globetrotting: Security expert finds security holes in passports and 'smart cards'." ScienceDaily. www.sciencedaily.com/releases/2010/04/100415160141.htm (accessed September 1, 2014).

Share This




More Science & Society News

Monday, September 1, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Get on Your Bike! London Cycling Popularity Soars Despite Danger

Get on Your Bike! London Cycling Popularity Soars Despite Danger

AFP (Sep. 1, 2014) — Wedged between buses, lorries and cars, cycling in London isn't for the faint hearted. Nevertheless the number of people choosing to bike in the British capital has doubled over the past 15 years. Duration: 02:27 Video provided by AFP
Powered by NewsLook.com
Thailand Totters Towards Waste Crisis

Thailand Totters Towards Waste Crisis

AFP (Sep. 1, 2014) — Fears are mounting in Bangkok that poor planning and lax law enforcement are tipping Thailand towards a waste crisis. Duration: 01:21 Video provided by AFP
Powered by NewsLook.com
California Passes 'yes-Means-Yes' Campus Sexual Assault Bill

California Passes 'yes-Means-Yes' Campus Sexual Assault Bill

Reuters - US Online Video (Aug. 30, 2014) — California lawmakers pass a bill requiring universities to adopt "affirmative consent" language in their definitions of consensual sex, part of a nationwide drive to curb sexual assault on campuses. Linda So reports. Video provided by Reuters
Powered by NewsLook.com
As Drought Continues LA "water Police" Fight Waste

As Drought Continues LA "water Police" Fight Waste

AFP (Aug. 29, 2014) — In the midst of a historic drought, Los Angeles is increasing efforts to go after people who waste water. Five water conservation "cops" drive around the city every day educating homeowners about the drought. Duration: 02:17 Video provided by AFP
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:  

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web
Follow Facebook Twitter Google+
Subscribe RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins