Full Disclosure mailing list archives
Re: Sniffing RFID ID's ( Physical Security )
From: "Josh L. Perrymon" <joshuaperrymon () gmail com>
Date: Wed, 28 Jun 2006 10:29:29 +1000
Thanks for the link Gary, I read that article last night and believe it validates my thoughts. However, a lot of engineers found some details controversial.

http://www.digg.com/security/The_RFID_Hacking_Underground

I think most of this was in regards to the term "cookie" and how it was used in the article. In regards to RFID implementations like "EZ-pass", a device that attaches inside a vehicle to pay tolls automatically, there is a cache or history on the chip that records previous transactions. Due to the limited space you wouldn't place anything onto the chip, but this would be a "method" of accessing the RFID chip to harvest.

My next step is to locate the equipment needed to test this theory. I have access to a reader/writer but I feel that I may need to build a purpose-built unit to capture and replay the traffic. My preference would be an iPAQ running Linux with an RFID reader/writer card that can be manipulated to do what I want.

From a pen-testing perspective: What do you guys think that large companies would say about this risk? Is this valid enough to cause change in an organization? Or is this like most everything else we see.. reactive only. Will it take a major breaking or loss before a Fortune 500 company would pull out their insecure RFID system?

Thanks for your time,
JP
www.packetfocus.com

On 6/28/06, Gary E. Miller <gem () rellim com> wrote:
Yo Josh!

On Tue, 27 Jun 2006, Josh L. Perrymon wrote:

> Is it possible to sniff the data from RFID access control cards and write
> the contents to a generic RFID card? Then use the copied RFID card to gain
> access inside the target building?

Yes:
http://www.wired.com/wired/archive/14.05/rfid.html

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gem () rellim com Tel:+1(541)382-8588
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/