Expert: Israeli airport passport machines vulnerable

Ben Gurion Airport Photo: Einat Levron

Ben Gurion airport's biometric passport machines use the outdated Windows XP operating system, which Microsoft stopped supporting four years ago.

The vast number of Israelis flocking back home after the Passover holidays will inevitably get stuck in the long passport control lines at Ben Gurion airport. The smarter travelers may be able to use the biometric passport machines or the Israel Airport Authority's fast-track machines.

When Amit Serper, principal security researcher at Israeli startup Cybereason landed in Israel last week, he used one of the airport's fast-trasck machines. He was horrified when the screen reported an error on the Windows XP operations system. Windows XP went onto the market 16 years ago and is so outdated that Microsoft stopped supporting it in April 2014.

The Israel Airport Authority's fast-track machine allows people to enter or leave Israel using either a biometric or regular passport by identification from the palm of the hand. Passengers without a biometric passport can register on a one-off basis by taking a picture of the palm of their hand on a machine linked to the Ministry of Interior's biometric databank and this allows them to leave and enter the country on their trip.

Serper points out that because these machines are linked to a computer network using an outdated operations system that has not been updated for four years leaves them open to a cyberattack.

Serper told "Globes," "As somebody traveling I have access only to the endpoint, so I can't know for sure what is happening behind it from a security point of view but to keep in use a system operated years after Microsoft stopped updating it on a self-service machine at the entrance to a country is a screw-up in my eyes.

The machines are physically protected by metal boxes and it is apparently not possible to connect to a USB port on it, but that doesn't soothe Serper's concerns. "The machine is connected to some sort of network because it needs to check the palm of the hand that has been scanned via a server. If a hostile entity successfully attacks a completely different computer connected to the same network, the entity can move around and infiltrate within it. The fact that these computers are run by Windows XP means that it is no challenge whatsoever for the hackers."

Hackers penetrating the border control computer system pose a double danger. Firstly they can allow somebody with a forged passport to pass border control. Secondly the entire biometric database of photographed hands is vulnerable.

The Israel Airports Authority said, "We are talking about a closed, protected and secured system for all interfaces to the Population Authority."

Ben Gurion Airport Photo: Einat Levron
Ben Gurion Airport Photo: Einat Levron
Twitter Facebook Linkedin RSS Newsletters גלובס Israel Business Conference 2018