CRACK : Hackers crack airport access
By Matthias Kremp
14/01/2010
http://www.spiegel.de/netzwelt/netzpolitik/0,1518,671980,00.html (Translated from German by Google)
Alarming vulnerability at major German airports: a simple 200-euro device can outsmart the security barriers. Hackers from the CCC showed ARD reporters how easily access cards can be scanned and then electronically simulated – the police union is appalled.
After the foiled bomb attack in Detroit, security agencies and airports reacted quickly and sharply. There are now always long queues before the inspection points because the checks have been stepped up. Each piece of hand baggage is searched, every liquid is checked, and many passengers are sent through the metal detector two or three times.
Yet there is an easy way to circumvent the controls: the ARD magazine “Contrasts” now demonstrates that many German airports apparently have a vulnerability that can be exploited by simple means.
The allegations are directed against the access security system of the Swiss manufacturer LEGIC, which is used at several German airports. It is said to be easy to crack; hackers from the Chaos Computer Club (CCC) showed the reporters just how easy.
The operating principle of the system is simple: each employee receives an ID card with a built-in microchip. To get into airport security areas, the card is held close to a reader. The reader contacts the chip over the air, reads its data and opens the door if the holder of the chip is identified as being authorized to access.
But this seemingly secure protection mechanism can be short-circuited with a relatively simple device: namely, with a “programmable RFID reader, which can both pretend to be a reader – and can pretend to be a card,” CCC member Karsten Nohl told the “Contrasts” researchers. Assembling the apparatus, he said, costs less than $ 200.
With this device you can first read an access card and then switch the device so that it emulates the card, that is, replicates it electronically. In the end, the RFID reader can be used to open the same doors to which the original card would have been granted access.
Getting within 15 centimeters is enough
In an interview with SPIEGEL ONLINE, the manufacturer Legic confirmed “that members of the Chaos Computer Club have been able to evaluate and disclose the algorithm of Prime by reverse engineering.”
Nohl and other CCC members were “simply shocked not to even find any hurdles that we would have to overcome.” Only the limited range of the RFID reader and emulation device slows its use. With a suitably powerful power supply, distances of about 70 centimeters can ideally be bridged. If one wishes to remain unnoticed and not draw attention with bulky power apparatus, the distance shrinks to up to 15 centimeters. But that was no real obstacle, said ARD editor Matthias Deiss.
To read out a card, it is ultimately enough to stand next to an airport employee on an escalator, because employees usually wear their ID cards either on a long ribbon around the neck or on a short key chain on the belt.
The Swiss access system compromised by the hackers is used in Germany at the airports of Hamburg, Berlin-Tegel, Stuttgart, Dresden and Hanover – and is marketed internationally. An employee of the Hamburg airport made clear to the “Contrasts” reporters how far one could get with the trick. With his access card he had entry to the security area and could thus get “through access gates, roads, terminals and gates directly onto the apron and of course onto an airplane.” With the RFID reader, the same should be possible.
The system is outdated
Hamburg Airport acknowledges the vulnerability. However, it points out that the access system is not the airport's only security mechanism; other systems ensure that no unauthorized persons enter the premises. The question of what these systems are, however, was not answered for “Contrasts”. Replacing more than 15,000 access cards and around 500 readers is ruled out for cost reasons.
In any case, reading the product description that Legic publishes on its website raises the question of why airports chose this particular system to protect access. According to it, simplification and convenience were the main considerations in the development of the system, which was presented at Cebit in 1992. It is also designed for controlling access to “large-scale projects in the leisure industry”, for example in holiday resorts. According to the data sheet, “basic security with a focus on organization and convenience” is one of the main features of the system.
Legic told SPIEGEL ONLINE that the Prime system uses an encryption method that corresponds to the technical possibilities of 1992. The company explained that such methods rely essentially on the secrecy of the algorithms used. Compared with today’s methods, “these older methods have a lower security level than modern systems”, the manufacturer openly admits. It recommends that its customers “reassess” the technology “and, where necessary, replace it with modern security systems.” However, security is said to still be guaranteed today if Legic Prime is supplemented with additional measures such as a PIN, video surveillance or simply a doorman. But that costs money, just as a replacement of the entire system would.
Interior Ministry and police union response
According to a spokesman for the Federal Interior Ministry, it has already been suggested to the airport operators that they review the security controls. For Rainer Wendt, chairman of the German police union, that is too little: he calls for the cracked security system to be replaced immediately and brought up to the state of the art.
He shows no sympathy for the operators' omissions. He proposes that security operations now be placed under the supervision of the federal police, “so that the airports can no longer be as sloppy as they want.”