Airport Access IDs Hacked In Germany

teqo writes "Hackers belonging to the Chaos Computer Club have allegedly cloned digital security ID cards for some German airports successfully which then allowed them access to all airport areas. According to the Spiegel Online article (transgoogleation here), they used a 200 Euro RFID reader to scan a valid security ID card, and since the scanner was able to pretend to be that card, used it to forge that valid ID. Even the airport authorities say that the involved system from 1992 might be outdated, but I guess it might be deployed elsewhere anyway."

Re:Really

[Shadow_139]

The kit used, a Proxmark 3 cost ~$470 before P&P but they were been sold at 26c3 for 200 cash-in-hand.

Sounds like somebody who was at the conference has an hour or two to kill in the airport and decided to play with their new toy.....

And to anybody saying you could not get it past security, I got my Netbook, Proxmark3, SIM simulator, a few FON and a big of random USB,wireless & BT dongles past them it no issues {except some of the stuff was removed from my carry-on bay and was double x-rays}.

RFID

[AlexiaDeath]

Last I looked it was 24 bits of binary data and that's it. Even simple number collisions are likely to occur if a facility does not watch out with card orders. With 1992 in the market date, I doubt its much more than that. It has no place securing anything important.

Re:Terrorrism

[MichaelSmith]

I have some direct experience of airport security. While it varies a lot from place to place it never relies entirely on RFID.

It IS used at other airports ...

[foobsr]

TFS: "but I guess it might be deployed elsewhere anyways"

The 'news' here (Germany) yesterday said that the same system is used at several other German airports.

CC.

Re:Terrorrism

[nacturation]

At a time where authorities try to impose ridiculous devices like the body scanner and that waiting lines become so long that trains become a viable option to national flights, it is good to point out that they have so many flaws left.

That reminds me... one thing to add to this article: http://www.youtube.com/watch?v=yZfbTlYpKYo [youtube.com]

Link to the complete (english) talk at 26C3

[gmthor]

If you want to know the insights http://media.ccc.de/browse/congress/2009/26c3-3709-en-legic_prime_obscurity_in_depth.html [media.ccc.de]

Re:Really

[Anonymous Coward]

Sounds like somebody who was at the conference has an hour or two to kill in the airport and decided to play with their new toy.....

The guy who did it is Karsten Nohl, the same guy who deciphered GSM encryption [slashdot.org] lately. He also reverse engineered the "secret" MIFARE [wikipedia.org] Classic cipher some time ago.

Re:Terrorrism

[Anonymous Coward]

the large quantity of firearms-trained police officers on site

who are in the areas where the public are, you fsckin' moron, not behind the wire in the secure areas. Please engage your brain before touching the keyboard next time you revive.

'Tis a commentary on the arrogance of power

[ibsteve2u]

Takes a lot of arrogance, to decide that some people are so important that they should be entitled to bypass security, and so in order to achieve that, you create a method to bypass security.

The arrogance lies in making the assumption that no terrorist group will ask themselves the question: "How do we bypass their security?" and fail to arrive at the answer: "Why, the same way they do!".

(P.S. I'm a good guy [albeit with the caveat that the term is relative], Carnivore/Altivore/Echelon. The timing of this Der Spiegal article and the fact that I've recently said the same thing as I did above elsewhere is purely coincidental. I happen to work with the stuff, so such conversations pique my curiosity. There's no need to waste gasoline coming to see me.)

Re:Theory bites back

[Jesus_666]

In a TV report they said that there simply was no cypher. From what they said in the interview it sounds like a simple replay attack. The rest of the report made it look like a bog-standard RFID system that just checks the serial number of the tag - although that might of course be the reporters oversimplifying things.

Re:guess what!

[jonbryce]

Looking at the recent terrorist attacks in Britain, I'm not so sure. The 7/7 attack was on three different Tube (Subway) trains and a bus. The targets were four tube trains, but the Northern Line was closed due to engineering problems that morning.

They failed copycat 21/7 attack was also on three tubes and a bus. This time the bus was targeted directly.

The failed Glasgow Airport attack took place outside the airport, and was targeting people who were waiting to go through security.

It's not outdated, it's the wrong system.

[yacc143]

The Swiss vendor selling the system never marketed it (even 1992) for security relevant access control, it's just meant as a comfortable access for entertainment parks or similar customers, where comfort and low price are the selling points, not security.

(so basically, it was never ever meant to be used for airport security)

Re:Terrorrism

[sconeu]

Badge checking is encouraged in many corporate subcultures.

I used to work in a closed area (escort required for those without clearance and access list).

Once, the company president came in to look around. A friend of mine, who didn't know who the prez was, asked him who he was, and if he was on the list. She got complimented on her security awareness.