Hackers Clone Elvis' Passport
Posted by samzenpus on Thu Oct 02, 2008 05:30 AM
from the don't-mess-with-the-king dept.
Barence writes "Hackers have released source code that allows the 'backup' of RFID-protected passports, although the tool can potentially be used to create fake or cloned documents. The Hacker's Choice, a non-commercial group of computer security experts, has released a video showing a cloned passport being approved by a security scanner at a Dutch airport. When the reader scans the passport, it is revealed to belong to one Elvis Aaron Presley, complete with picture. Reports of the hackers serenading security staff with 'Are You Clonesome Tonight' are unconfirmed."
Related Stories
Your Rights Online: Interpol Pushing World Facial Recognition Database 171 comments
The Register is reporting that according to some reports, Interpol will soon be pushing for a world-wide facial recognition database at the borders of all member nations. "The UK already has airport gates equipped with such technology, intended to remove the need for a human border guard to check that a passenger's face matches the one recorded in his or her passport. According to the Guardian, Interpol database chief Mark Branchflower believes that his organization should set up a database of facial-recognition records to operate alongside its existing photo, fingerprint and DNA files."
Your Rights Online: Researchers Find Problems With RFID Passport Cards 172 comments
An anonymous reader writes "Researchers at the University of Washington have found that RFID tags used in two new types of border-crossing documents in the US are vulnerable to snooping and copying. The information in these tags could be copied on to another, off-the-shelf tag, which might be used to impersonate the legitimate holder of the card." You can also read the summary of the researchers' report.
Obligatory (Score:5, Funny)
Elvis has left the building
Re:Obligatory (Score:5, Funny)
On a day when we are going to be giving hundreds of billions to dodgy bankers, on a day when suicide bombs have returned to Baghdad, on a day when the most influential vice-presidential nominees for a lifetime will go toe-to-toe, surely there is more important news [bbc.co.uk] for /. to report!
Parent
Re:Obligatory (Score:5, Funny)
Parent
Re:Obligatory (Score:5, Funny)
Elvis has left the building
Elvis has left the building
And the other Elvis has left the building
There, fixed that for you.
Cheers!
Strat
Parent
Re:Obligatory (Score:5, Funny)
Elvis has left the building
Elvis has left the building
And the other Elvis has left the building
There, fixed that for you.
Cheers!
Strat
Well, sort of .. but where do I find MAX_ELVIS ?
Parent
Re:Obligatory (Score:5, Funny)
#include <rock-n-roll.h>
Parent
Re:Obligatory (Score:5, Funny)
Thank you, Thank you very much.
Elvis
Parent
Re:Obligatory (Score:5, Interesting)
Ever since that cracker got me
I found a new place to dwell.
It's down at the end of cloned street
At pwned hotel.
(chorus)
You make me so cloned baby,
I get so cloned,
I get so cloned I could die (again and again).
And although it's always crowded,
You still can find some room.
Where broken hearted users
Do cry away their gloom.
(chorus)
Well, the spammer's mail keeps flowin,
And the desk clerks dressed in black.
Well they been so long on cloned street
They ain't ever gonna look back.
(chorus)
Hey now, if a cracker gets you,
And you got a tale to tell,
just take a walk down cloned street
To pwned hotel.
Parent
I can fix that for you... (Score:5, Funny)
That little problem goes right away... just add "Elvis Aaron Presley" to the no-fly list.
We is all secured again, and permanently this time!
Re:I can fix that for you... (Score:5, Funny)
Parent
Re:I can fix that for you... (Score:5, Funny)
He's coming back for the Olympics? So, he's just been away all this time getting back in shape?
Parent
Re:I can fix that for you... (Score:5, Funny)
Hello,
You have used our copyrighted phrase '2012', thereby destroying the branding of the British Olympics. You owe us 12Bn poonds.
We look forward to receiving your remittance by return.
- IOC IP enforcement department.
Parent
Osama Bin Laden (Score:5, Funny)
Re:Osama Bin Laden (Score:5, Funny)
I would suggest a very fat white guy in a flannel shirt : )
Parent
Re:Osama Bin Laden (Score:4, Funny)
Parent
Re:Osama Bin Laden (Score:5, Funny)
Parent
Before passing through security (Score:5, Funny)
Bad title (Score:5, Insightful)
They created a passport with fake details which matched the identity of another person. Nothing was cloned. I bet it wasn't even his passport picture, but a stock photo from the web.
Re:Bad title (Score:5, Insightful)
Which, from the face of it, makes the feat even more impressive. Cloning means "simply" reading the data from one passport, and copying it onto another. It is not necessary to decrypt this data, as long as the chip is tricked into releasing it.
Instead, they created a completely new data set, put this on the chip, and programmed the chip so it correctly answers to the challenge posed by the reader.
Now the idea of having the data encrypted in the passport chip may be wishful thinking of course... I would expect it is encrypted, if not then it's of course one step less for these hackers. At the very least I would expect some cryptographic checksum, based on some secret key or so, to verify that the passport (i.e. the data on the chip) has been government issued.
No matter what, a neat hack, and scary that it is possible in the first place.
Parent
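The clone-versus-forgery distinction drawn in the comment above, as an added example that is not part of the original thread: a keyed checksum over the chip data lets a reader reject edited or re-signed data, but a verbatim copy still verifies. The record layout, the keys and the use of HMAC as a stand-in for an issuer signature are all assumptions made for illustration.

```python
import copy
import hashlib
import hmac

def _hashes(records):
    """SHA-256 of every record stored on the (modelled) chip."""
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in records.items()}

def _tag(hashes, key):
    # Assumption: HMAC stands in for the issuer's signature so this runs on stdlib only.
    msg = "|".join(f"{n}={h}" for n, h in sorted(hashes.items())).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue(records, issuer_key):
    """Issuer side: store the records plus a keyed tag over their hashes."""
    hashes = _hashes(records)
    return {"records": dict(records), "hashes": hashes, "tag": _tag(hashes, issuer_key)}

def verify(chip, issuer_key):
    """Reader side: returns (accepted, reason)."""
    expected = _tag(chip["hashes"], issuer_key)
    if not hmac.compare_digest(chip["tag"], expected):
        return False, "tag was not produced with the issuer key"
    if _hashes(chip["records"]) != chip["hashes"]:
        return False, "record does not match its tagged hash"
    return True, "ok"

def demo():
    issuer_key = b"constructed-issuer-key"   # constructed sample values
    other_key = b"constructed-other-key"
    genuine = issue({"holder": b"DOE, JANE", "photo": b"<image bytes>"}, issuer_key)

    clone = copy.deepcopy(genuine)            # verbatim copy of everything on the chip
    edited = copy.deepcopy(genuine)           # copy with one record changed afterwards
    edited["records"]["holder"] = b"SOMEONE, ELSE"
    resigned = issue(edited["records"], other_key)  # new data set, tagged with a non-issuer key

    return {name: verify(chip, issuer_key)
            for name, chip in [("genuine", genuine), ("clone", clone),
                               ("edited", edited), ("resigned", resigned)]}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The checksum only proves the data came from the key holder; it says nothing about which physical chip is presenting it, which is why the clone is accepted.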
Never let a computer do a job that can be done by (Score:5, Insightful)
"Never let a computer do a job that can be done by a human."
I just can't agree with this.
People can be fooled easily enough and the more that's automated properly the better. A human (well, thousands of them) *could* do all the interest calculations at your bank but it would be stupid to do it that way.
There are loads of jobs out there which are better done by machines.
Re:Misconfigured scanner (Score:5, Informative)
Parent
Re:That's not a security console... (Score:5, Insightful)
Ok, so by your words, being able to create a document that contains blatantly false information, and successfully using that document to bypass security doesn't prove that "security in those things is broken". What, pray tell, would be required beyond this to demonstrate that security is broken? Because, you see, in my simple view of things, if you are "Bob" and security is on the lookout for "Bob", and you show them a modified password claiming that you're "Neil", and security lets you through because as far as they can tell you aren't "Bob", security has been compromised. When security is based on human inspection of said passport, clearly it's subject to human error. When security is electronically based, such as the case with RFID, all but the most basic of human interaction should be removed from the "is this a real passport?" equation.
Parent
Re:Be careful... (Score:4, Interesting)
Parent
Re:Be careful... (Score:5, Insightful)
Parent
Re:Be careful... (Score:4, Insightful)
Unfortunately the current mob in (sort of) charge here are right up the illiberal-fuck brigade's arse.
When it was recently demonstrated that the new national travelcard is broken (Mifare [computerworld.com]) the response was a typical mixture of outrage, damning everybody as criminal, and refusing to accept that people with science degrees are a darn sight smarter than the bunch of PR/MBA wankers who fell for the Mifare sales spin.
Parent