Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The ICAO documents contain the complete specification. It is moderately complex and involves twiddling lots of bits. So I've no doubt that a passport reader somewhere isn't doing bounds checking properly.

But you could achieve much the same effect with a hammer.



But could a hammer deliver a malicious payload that could spread in the system? I'm not sure if you could do that with data on the chip, but maybe.


Yes, but so could a sticker with a QR code containing some exploit that the optical passport reader scans.

I don't think it's a particularly different attack vector just because the chip is "active". Competent systems would treat all data received from it as potentially harmful until proven otherwise.


this reminds me of the plot to Black Mirror's Plaything :-)


I'm glad the subtle reference landed :)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: