Re: [Full-disclosure] Sniffing RFID ID's ( Physical Security )
From: Josh L. Perrymon (joshuaperrymongmail.com)
Date: Tue Jun 27 2006 - 02:09:43 CDT
To summarize the thread...
My question is:
Is it possible to sniff the data from RFID access control cards and write
the contents to a generic RFID card? Then use the copied RFID card to gain
access inside the target building?
This is more just theory at this point.
I have read about encryption used for credit cards and the more recent uses
for RFID.. but is any of this security built into your standard RFID access
Out of a couple hundred companies I have visited I only remember a handful
that required an additional PIN to be entered. So if this is possible then
companies may want to look at their current installation.
On 6/27/06, Brate Sanders <brate_sandersyahoo.co.uk> wrote:
> ----- Original Message ----
> From: Josh L. Perrymon <joshuaperrymongmail.com>
> To: full-disclosurelists.grok.org.uk; dailydavelists.immunitysec.com
> Sent: Tuesday, 27 June, 2006 9:41:23 AM
> Subject: [Full-disclosure] Sniffing RFID ID's ( Physical Security )
> My ideas on RFID risk in its current implementation:
> I'm thinking a lot of the risk with RFID would be within ID cards and
> physical security. I have been in 100's of companies that use RFID ID cards
> for physical security to access a building. Just rock up and swipe your
> badge in front of the reader right???
> What if an attacker was sitting at the cafe downstairs sniffing RFID (
> Well, sending out RFID signals to power the chips and get a response ).
> Wouldn't it be trivial to obtain the STATIC ID codes stored on the RFID
> chips and write them to a generic chip? This new card could easily be used
> to walk right in to the target company? As we all know.. once you're inside
> it's trivial to root the entire network. Just insert your usb/ CD with an
> autorun backdoor sploit connecting outside OR plug in a small wireless AP.
> Go back down to the coffee shop and hack away.
> I am sure RFID has a lot of issues and problems associated with it. But if
> you can walk into a building do something and walk out to hack later, the
> company has a lot of security issues it needs to handle before starting to
> worry about securing their RFID access mechanism.
> There may be some scenarios where a bad design or implementation is
> causing a problem or data loss/theft. But what specific problem have you
> seen or are concerned about? Or at least care to share the reasons for your