←back to thread

Reading NFC Passport Chips in Linux

(shkspr.mobi)
287 points robin_reala | 10 comments | 25 Jun 25 07:33 UTC | HN request time: 1.653s | source | bottom
1. frelp ◴[25 Jun 25 09:47 UTC] No.44375391[source]
I wonder if you could create a chip that could break the passport reader system. That could really disrupt things, so hopefully that’s not possible.
replies(3): >>44375514 #>>44375623 #>>44376465 #
2. hypeatei ◴[25 Jun 25 10:09 UTC] No.44375514[source]
Burning a zero day like that in front of border / travel officers will probably land you in prison very quickly.
replies(1): >>44377950 #
3. edent ◴[25 Jun 25 10:24 UTC] No.44375623[source]
The ICAO documents contain the complete specification. It is moderately complex and involves twiddling lots of bits. So I've no doubt that a passport reader somewhere isn't doing bounds checking properly.

But you could achieve much the same effect with a hammer.

replies(1): >>44375783 #
4. giantg2 ◴[25 Jun 25 10:53 UTC] No.44375783[source]
But could a hammer deliver a malicious payload that could spread in the system? I'm not sure if you could do that with data on the chip, but maybe.
replies(2): >>44377275 #>>44379808 #
5. monai ◴[25 Jun 25 12:22 UTC] No.44376465[source]
You can transmit arbitrary data in certain steps of the passport reading process. The possibility of disruption depends on whether the reading system has bugs exploitable by the incoming data.

I've seen crashes in PKCS#11 drivers when reading cards with malformed data. So, the possibility, in theory, is always there.

6. ◴[25 Jun 25 13:44 UTC] No.44377275{3}[source]
7. dopp0 ◴[25 Jun 25 14:45 UTC] No.44377950[source]
the world belongs to the braves
8. lxgr ◴[25 Jun 25 17:29 UTC] No.44379808{3}[source]
Yes, but so could a sticker with a QR code containing some exploit that the optical passport reader scans.

I don't think it's a particularly different attack vector just because the chip is "active". Competent systems would treat all data received from it as potentially harmful until proven otherwise.

replies(1): >>44380975 #
9. cAtte_ ◴[25 Jun 25 19:23 UTC] No.44380975{4}[source]
this reminds me of the plot to Black Mirror's Plaything :-)
replies(1): >>44381112 #
10. lxgr ◴[25 Jun 25 19:38 UTC] No.44381112{5}[source]
I'm glad the subtle reference landed :)