Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: RFID enabled e-passport skimming proof of concept code released (RFIDIOt)
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Mon, 30 Oct 2006 10:10:26 -0500

That article focuses on Dutch passports, but in the US it's essentially 
the same.

   The Passport number

a 10 digit number (I don't know where they start, but it certainly 
wasn't 0000000001).

   The Date Of Birth of the holder

about 32,000 possibilities (assuming < 90yrs old)

   The Expiry Date of the Passport

Passports are vaild for 10 years (for an adult in the US), and 
expiration is just MM/YYYY .. so that's only 120 possibilities.

A very small dictionary for "brute force" indeed, and I'd be happy to 
code such a routine.

Does anyone know if the chips in the latest passports (USA issue) 
prevent this sort of thing, or can you try keys as fast as the RF 
interface will permit?


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]