2010-01-16

The Potemkin Airport

I haven't seen this on any English-language news, so I am translating and referencing it here, so that perhaps the one or the other might pick it up.

You have probably heard about a Potemkin village: mock towns built up along the Dnieper river in order to impress the Russian Empress Catherine II during an inspection visit.

Well, airport security has been called "security theater" by many, including Bruce Schneier. The German hackers' organization Chaos Computer Club (CCC) has demonstrated that airport security is not just theater, but in many places just a facade, put up to impress the traveling public.

While the poor people paying for transport are queuing up to have their underwear inspected and to dispose of their liquids purchased outside on the free market, the determined terrorist just has to invest about 200 Euros and walk around and use the side entrance.

Spiegel Online reporter Matthias Kremp reports on this simple hack in January 2010, as demonstrated on the public TV show Kontraste (ARD) (the 6:30 minute video by Matthias Deiß is available at this link, in German).

Entrance to the security areas is organized by an RFID chip-based challenge-response system. Personnel with a security clearance have ID cards that many wear on a lanyard around their necks. When they pass a guarded entrance point, an electromagnetic challenge is sent to the card, and the card responds.

Two CCC members purchased an RFID kit and set it up so that it can query an ID card. The card responds, and the kit records the response. The kit (which fits nicely into a pocket) can then be switched to respond mode, and when it passes a control point, the recorded response is replayed and the door opens.

The recorder must get within 70 cm of the card in order to record, but in a crowded airport it is easy to bump into someone on purpose and make it look like an accident.

The hackers alerted the airport security people, as they were not out to blow up airplanes, but had been interested in a security puzzle. As one of the men says on camera, they were shocked that it was so easy. Did security start insisting that people keep a one meter distance from all people with security clearances? Did they beef up security? No. They did nothing.

Exasperated, they turned to Kontraste, an investigative, publicly funded TV show which (apart from series like Tatort) is the only reason I am still willing to pay my TV tax without too much grumbling. Kontraste loves this kind of story. They demonstrated how easy it is to enter the building on film.

Then they contacted airport security, who was not willing to talk to them. By email they answered "for security reasons we will not be giving any additional information". Aha. Security by obscurity.

The system used for security is from the Swiss company Legic Identsystems and is called Legic Prime. From their online presentation:

LEGIC prime is widely used in access control related applications such as multiapplication company cards, in large-scale ticketing projects or in the leisure industry. Easier organisational processes and to increase the convenience are thereby the main focus.

Um, leisure industry? Convenience? I thought airports were focused on security! Kontraste quickly determined that not only did the Hamburg airport use this system, Stuttgart, Dresden, Hanover, and Berlin also use it. But they were all unwilling to make public statements. You see, it used "encryption", and that makes it secure. It also has "key management". Wooooo.

The gentlemen from CCC demur. No, they didn't find any trace of encryption, not even ROT13. So Kontraste headed down to the Swiss headquarters to try and get a statement on camera, but were rebuffed. However, their efforts did effect a change on the web page. Instead of "high security" this system now offers "basic security".

A speaker for the police union was quite willing to go on camera and demand that someone DO SOMETHING RIGHT NOW. They are the ones who have to put their lives on the line when some terrorist decides to start something. But of course, Hamburg alone would have to exchange 15.000 cards and numerous transponders; the cards run about 10 € apiece. At least, according to the web page, they could upgrade to Legic advant, which has

  • Advanced security
        • AES 128/256 bit / DES / 3DES encryption
        • Mutual authentication between reader and transponder
        • Diversified authentication and data encryption
  • Physical Master-Token System Control and Automatic Key Management

Well, then let's get going. Or else one has to wonder what the point of all the security theater for the paying patrons is about.
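
Why a recorded response opens the door with one design and not with the other, as an added example that is not from the original post, from CCC or from Legic. It is a toy model, not either product's actual protocol: the badge ID, the key, the class names and the use of HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

BADGE = b"BADGE-0001"          # constructed sample badge ID
KEY = secrets.token_bytes(32)  # constructed per-card secret

class StaticCard:
    """Answers every query with the same bytes; the challenge is ignored."""
    def respond(self, challenge: bytes) -> bytes:
        return BADGE

class StaticReader:
    def new_challenge(self) -> bytes:
        return b"QUERY"
    def verify(self, challenge: bytes, response: bytes) -> bool:
        return response == BADGE

class KeyedCard:
    """Binds its answer to the reader's challenge with HMAC-SHA256."""
    def respond(self, challenge: bytes) -> bytes:
        return BADGE + hmac.new(KEY, challenge + BADGE, hashlib.sha256).digest()

class NonceReader:
    def __init__(self):
        self.pending = None
    def new_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)  # fresh for every pass
        return self.pending
    def verify(self, challenge: bytes, response: bytes) -> bool:
        if self.pending is None or challenge != self.pending:
            return False
        self.pending = None  # a challenge is valid once only
        badge, tag = response[:-32], response[-32:]
        expected = hmac.new(KEY, challenge + badge, hashlib.sha256).digest()
        return badge == BADGE and hmac.compare_digest(tag, expected)

def run(reader, card):
    """Return (legitimate pass accepted, recorded response accepted later)."""
    first = reader.new_challenge()
    recorded = card.respond(first)
    legit = reader.verify(first, recorded)
    second = reader.new_challenge()
    return legit, reader.verify(second, recorded)

if __name__ == "__main__":
    print("static response:", run(StaticReader(), StaticCard()))
    print("nonce + HMAC:   ", run(NonceReader(), KeyedCard()))
```

The sketch authenticates only the card to the reader; the mutual authentication named in the list above would add the reverse check.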

1 comment:

Richy said...

FYI
The news appeared on slashdot two days ago, in English.

http://it.slashdot.org/story/10/01/15/0744204/Airport-Access-IDs-Hacked-In-Germany?art_pos=1