Passport data to be copied in Kiwicon demo

Active Authentication in new passports will expose copied data, says Internal Affairs

This weekend Nick von Dadelszen is going to use a $25 Snapper Card reader to extract data from a New Zealand e-passport and copy it to a new smartcard.

He also plans to release tools to allow the reader to read other types of smartcards, he says, and to show how information can be extracted from chipped credit cards and used to create a "similar looking" card.

See also: 'Numero' to demo wi-fi attack at Kiwicon III
But, the demonstration is not an attack, says von Dadelszen, one of the major speakers at this weekend's Kiwicon III hackers conference at Victoria University in Wellington. Rather, it is one of several demonstrations he hopes will raise awareness of issues around smart card security.

Von Dadelszen says there are very few people who understand smartcard security.

"People have to rely on vendor assurances about security. My talk is to allow more people to understand and check their own security."

Department of Internal Affairs passport manager David Philp says the ability to read and even copy passport data "doesn't prove anything". He says the addition of Active Authentication to New Zealand's new passports will alert border agents if the data has been copied to a new chip.

"If you can read the data you can copy it, but if it's then read at a border it will be clear that it's a fake," Philp says.

Von Dadelszen says he's sure there will be "some discussion around that" at Kiwicon.

Unlike many others, von Dadelszen refuses to use a hacker name.

"Last year I went to Kiwicon as Nick 'Handles are for Wimps' von Dadelszen," he says.

Last year, Dutch researchers revealed how the European Oyster transport smartcard could be hacked. Von Dadelszen says that was because the card was using a flawed cryptographic scheme.

The local system used by Snapper is stronger, von Dadelszen says.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Security IDvon dadelszenkiwicon

Show Comments