←back to thread

Reading NFC Passport Chips in Linux

(shkspr.mobi)
287 points robin_reala | 6 comments | 25 Jun 25 07:33 UTC | HN request time: 0.317s | source | bottom
Show context
frelp ◴[25 Jun 25 09:47 UTC] No.44375391[source]
I wonder if you could create a chip that could break the passport reader system. That could really disrupt things, so hopefully that’s not possible.
replies(3): >>44375514 #>>44375623 #>>44376465 #
1. edent ◴[25 Jun 25 10:24 UTC] No.44375623[source]
The ICAO documents contain the complete specification. It is moderately complex and involves twiddling lots of bits. So I've no doubt that a passport reader somewhere isn't doing bounds checking properly.

But you could achieve much the same effect with a hammer.

replies(1): >>44375783 #
2. giantg2 ◴[25 Jun 25 10:53 UTC] No.44375783[source]
But could a hammer deliver a malicious payload that could spread in the system? I'm not sure if you could do that with data on the chip, but maybe.
replies(2): >>44377275 #>>44379808 #
3. ◴[25 Jun 25 13:44 UTC] No.44377275[source]
4. lxgr ◴[25 Jun 25 17:29 UTC] No.44379808[source]
Yes, but so could a sticker with a QR code containing some exploit that the optical passport reader scans.

I don't think it's a particularly different attack vector just because the chip is "active". Competent systems would treat all data received from it as potentially harmful until proven otherwise.

replies(1): >>44380975 #
5. cAtte_ ◴[25 Jun 25 19:23 UTC] No.44380975{3}[source]
this reminds me of the plot to Black Mirror's Plaything :-)
replies(1): >>44381112 #
6. lxgr ◴[25 Jun 25 19:38 UTC] No.44381112{4}[source]
I'm glad the subtle reference landed :)