• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

German Hacker Successfully Clones E-Passports

August 16, 2007

Views: 7,160

[ad]

So the latest news is that the RFID chips in electronically enabled passports are NOT encrypted, which bright spark came up with that idea?

Ok so you implement ‘more secure’ RFID passports, and leave all the data in plain text for anyone to tamper with – nice!

So what do you think they are gonna do about that? Probably nothing right?

A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.

The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery. But Lukas Grunwald, a security consultant with DN-Systems in Germany and an RFID expert, says the data in the chips is easy to copy.

“The whole passport design is totally brain damaged,” Grunwald says. “From my point of view all of these RFID passports are a huge waste of money. They’re not increasing security at all.”

Complicated infrastructure stops people from doing something properly, that’s a pretty lame excuse.

Apparently these new super-duper RFID enabled passports are going to help cut down on forged documents…yeah when it’s not encrypted?

Although countries have talked about encrypting data that’s stored on passport chips, this would require that a complicated infrastructure be built first, so currently the data is not encrypted.

“And of course if you can read the data, you can clone the data and put it in a new tag,” Grunwald says.

The cloning news is confirmation for many e-passport critics that RFID chips won’t make the documents more secure.

“Either this guy is incredible or this technology is unbelievably stupid,” says Gus Hosein, a visiting fellow in information systems at the London School of Economics and Political Science and senior fellow at Privacy International, a U.K.-based group that opposes the use of RFID chips in passports.

Personally I’m on the side that that the technology is incredibly stupid.

Sometimes people amaze me, not in a good way.

Source: Wired and thanks to Daniel for the heads up on this one.

Related Posts:

  • An Introduction To Web Application Security Systems
  • Understanding the Deep Web, Dark Web, and Darknet…
  • Privacy Implications of Web 3.0 and Darknets
  • Intel Finally Patches Critical AMT Bug (Kinda)
  • What You Need To Know About KRACK WPA2 Wi-Fi Attack
  • Cambridge Analytica Facebook Data Scandal
Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Hardware Hacking, Legal Issues Tagged With: germany, hackers



Reader Interactions

Comments

  1. rfmonkey says

    August 16, 2007 at 7:42 am

    cool, I have been needing a passport, looks like better days are coming, Its OK with me, I’ll be looking for a real suave name, maybe Rico, or Jean. : )

  2. Ian Kemmish says

    August 16, 2007 at 9:25 am

    A similar story aired on the TV news here sometime last year, involving UK academics rather than a German hacker.

    Since the data includes a hash code derived of the digital photo printed on the passport, merely cloning the passport, although possible, is not very much use – you can only pretend to be yourself, not someone else. What you need is the ability to create valid-looking RFID data of your own creation. The Home Office claims that this is not possible, the academics merely confirmed that they had not been able to do this yet.

  3. morbid says

    August 16, 2007 at 10:08 am

    Head to http://www.openpcd.org/, grab the shematics and the parts list, order the stuff at digikey and show all people you know how badly implemented RFID technology usually is. Sorry but if you can’t
    convince the govs you have to educate the masses. Applyed hacktivism without any DDoS, I’m sure it works at least a bit. On 23C3 there have been some nice lectures on RFID, but that was aimed at “hackers”, so why tell people that already know that this is dumb that it is dumb, tell it the ones that don’t know it and proof it. On my University they have RFID cards for the cafeteria, having your deposit unencrypted on the chip, anyone tell me if this is a good idea with more than 3000 Computer Science and Electrical Engineering students ;). I think someone has to do a big PoC for the masses, so everyone is convinced.
    Passports are another nice thingy, imagine in some years the immigration officers don’t look at the passpors any more, but just grab the data from the RFID chips ’cause it’s faster, anyone can pretend to be someone else then. Imho it’s a horror scenario.
    while(1)
    RFID_passports = Security–;

  4. Sir Henry says

    August 16, 2007 at 12:14 pm

    I have always thought that the initiative by the US to put RFID in the new passports is intrinsically inane and shows a clear lack of logic and forethought in regard to security. How many people have already illustrated that this is absolutely insecure and a painfully easy way to get passport information? Don’t even get me started on the credit cards that you can simply wave in front of a scanner at the counter for “convenience”. I will never own one of those for I know that they, too, are a single point of failure and a means to giving up your money to anyone clever enough to get it. Great post.

  5. Cyanide says

    August 16, 2007 at 12:38 pm

    I usually just end up telling people to take a hammer to their passport to destroy the chip so that nobody can read their personal data without actually looking at the passport.

  6. Prelate says

    August 16, 2007 at 5:00 pm

    Major Malfunction did this at Defcon this year. He also spoofed the “animal” implant asking for human volunteers from the audience. Funny thing is his dog

  7. TheRealDonQuixote says

    August 16, 2007 at 9:12 pm

    No offense DKNT, but isn’t this old news? Engadget had an article about these guys way back on 03.08.06.

    If anyone’s interested here’s a great video on how to skim data from RFID credit cards.
    RFID-enabled Credit Card Skimming

    And here’s a link on how to write RFID worms!! The Dutch have been on this for quite a while now.
    vrije Universiteit

    I’ve been following RFID hacks for a long time now. I wish I could afford all these toys just so I could bother the cr@p out of my parents!! :D
    Of course I can’t solder for shite…

  8. Sandeep Nain says

    August 17, 2007 at 12:03 am

    Wow… one more lame step taken by the govt. why govt always need to assume that anthing which looks geeky is more secure..

    i wonder if the officials even wanted to know about the security of these RFIDs. i’m sure they didn’t even think about the data encryption..

    I remember when they interoduced this watermark thingy in passports which can be seen only in ultra violet light (or something like that) and claimed it will be hard to forge the passports now…

  9. Darknet says

    August 17, 2007 at 5:43 am

    TRDQ: Yeah actually I didnt notice the date on the article, Daniel sent to me as something of interest, so I just read it and posted it. The Wired article is also from 2006 now I checked it. It’s still interesting though I think :)

    The hammer technique is interesting!

    I was following RFID quite closely when it first emerged, but then I lost touch a bit.

  10. Sandeep nain says

    August 17, 2007 at 12:14 pm

    Although its an old one but was a good one to read for people like who haven’t read it before. so thanx darknet…

  11. Nobody_Holme says

    August 17, 2007 at 1:56 pm

    RFID is the worst idea since sliced bread? :p

  12. Alfred Farrington says

    August 17, 2007 at 2:21 pm

    Refreshing never hurt anyone. :P Hmmmm when is the government going to get themselves together. They ought to stop hiring all these guys out there that really don’t know what they are doing. just pitching ideas. Hey let’s try this encryption we don’t need that then “we won’t understand it or better they might break the encryption” . So the governments answer no encryption gee I would love to work in that sector when I grow up.

  13. CK76 says

    August 17, 2007 at 6:50 pm

    This is why I keep my passport in an antistatic bag. It’s great when your at the airport, and one curious person asks why I’m doing it. Soon enough I’m explaining to a small group of people the principles of RFID and why it’s so insecure.

    Good post DKNT. Spread the word.

  14. TheRealDonQuixote says

    August 17, 2007 at 7:31 pm

    Sorry for the “this is old” lameness. I realized I sounded like a duma$$ digg user. Now that is the definition of embarrassing!!

    Anyhew, tinfoil is supposed to work too for screwing up RFID readers. I’ve seen a wallet with some sheets of foil built right into the walls of the thing, its supposed to cover your RFID enabled credit cards. But some say that you have to completely wrap the card or passport in foil. I dunno cause I haven’t been able to play around with RFID stuff, no money.

    I really want to go around a Gap and make all their inventory magically disappear from their systems. All I need is a small EMP device ;)

  15. Nobody_Holme says

    August 19, 2007 at 2:06 pm

    TRDQ, thats a genius idea. I want to help.

  16. Sandeep Nain says

    August 31, 2007 at 2:30 am

    Nice idea TRDQ…. but the question here is… When will government think about these issues…

    they are introducing the technology but in this lame way… its too bad

    i think im sounding more like philospher here rather than being security professional

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

TREVORspray - Credential Spray Toolkit for Azure, Okta, OWA & More

TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More

Views: 238

TREVORspray is a purpose-built password spraying utility designed for red teams and offensive … ...More about TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More

Force Push Scanner - Hunt GitHub Dangling Commits for Leaked Secrets

Force Push Scanner – Hunt GitHub Dangling Commits for Leaked Secrets

Views: 304

Force Push Scanner is an offensive security tool that identifies secrets inadvertently left in … ...More about Force Push Scanner – Hunt GitHub Dangling Commits for Leaked Secrets

Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends

Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends

Views: 3,550

Darknet marketplaces remain central to illicit trade in 2025, with evolving business models, payment … ...More about Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends

Caracal - Rust eBPF Rootkit for Stealthy Post-Exploitation

Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation

Views: 494

Caracal is a new Rust-based eBPF (extended Berkeley Packet Filter) rootkit that provides a stealth … ...More about Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation

Windows_EndPoint_Audit - Endpoint Security Auditing Toolkit

Windows_EndPoint_Audit – Endpoint Security Auditing Toolkit

Views: 550

Windows_EndPoint_Audit from ITAuditMaverick introduces a powerful method for offensive security … ...More about Windows_EndPoint_Audit – Endpoint Security Auditing Toolkit

Malvertising and TDS Cloaking Tactics Uncovered

Malvertising and TDS Cloaking Tactics Uncovered

Views: 385

As digital advertising continues to be exploited by malicious actors, malvertising and Traffic … ...More about Malvertising and TDS Cloaking Tactics Uncovered

Topics

  • Advertorial (28)
  • Apple (46)
  • Cloud Security (2)
  • Countermeasures (231)
  • Cryptography (84)
  • Dark Web (1)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (432)
  • Forensics (65)
  • GenAI (4)
  • Hacker Culture (9)
  • Hacking News (230)
  • Hacking Tools (688)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (240)
  • Networking Hacking Tools (353)
  • Password Cracking Tools (105)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (119)
  • Security Software (236)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (170)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker Hacker – Download brutus-aet2.zip AET2 (2,332,628)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,350)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,838)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,808)
  • Password List Download Best Word List – Most Common Passwords (933,799)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,468)
  • Hack Tools/Exploits (673,469)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,456)

Search

Recent Posts

  • TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More July 14, 2025
  • Force Push Scanner – Hunt GitHub Dangling Commits for Leaked Secrets July 11, 2025
  • Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends July 9, 2025
  • Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation July 7, 2025
  • Windows_EndPoint_Audit – Endpoint Security Auditing Toolkit July 4, 2025
  • Malvertising and TDS Cloaking Tactics Uncovered July 2, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy