Full Disclosure mailing list archives

Re: Sniffing RFID ID's ( Physical Security )

From: "Josh L. Perrymon" <joshuaperrymon () gmail com>
Date: Wed, 28 Jun 2006 10:29:29 +1000

Thanks for the link Gary,

I read that article last night and believe it validates my thoughts.
However, a lot of engineers found some details controversial.

http://www.digg.com/security/The_RFID_Hacking_Underground

I think most of this was in regards to the term "cookie" and how it was used
in the article. In regards to RFID implementation like "EZ-pass"- a device
that attaches inside a vehicle to pay tolls automatically. There is a cache
or history on the chip that records previous transactions. Due to the
limited space you wouldn't place anything onto the chip but this would be a
"method" of accessing the RFID chip to harvest.

My next step is to locate the equipment needed to test this theory. I have
access to a reader/ writer but I feel that I may need to build a purpose
built unit to capture and replay the traffic. My preference would be an IpaQ
running Linux with an RFID reader/writer card that can be manipulated to do
what I want.

From a pen-testing perspective: What do you guys think that large companies

would say about this risk? Is this valid enough to cause change in an
organization. Or is this like most everything else we see.. reactive only.
Will it take a major breaking or loss before A fortune 500 company would
pull out their insecure RFID system?

Thanks for your time,

JP
www.packetfocus.com

On 6/28/06, Gary E. Miller <gem () rellim com> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Josh!

On Tue, 27 Jun 2006, Josh L. Perrymon wrote:

> Is it possible to sniff the data from RFID access control cards and
write
> the contents to a generic RFID card? Then use the copied RFID card to
gain
> access inside the target building?

Yes: http://www.wired.com/wired/archive/14.05/rfid.html

RGDS
GARY
-
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEocep8KZibdeR3qURAthxAKCHb9APSreZ6KLFXf4HBrT9ZCaXqwCfYNpG
CUuJzLH2TuhMw66aIauDzFA=
=rSfr
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Sniffing RFID ID's ( Physical Security ), (continued)
- - - Re: Sniffing RFID ID's ( Physical Security ) Josh L. Perrymon (Jun 26)
    - Re: Sniffing RFID ID's ( Physical Security ) mikeiscool (Jun 26)
    - Re: Sniffing RFID ID's ( Physical Security ) Josh L. Perrymon (Jun 26)
    - Re: Sniffing RFID ID's ( Physical Security ) Andre Gagne (Jun 27)
    - Re: Sniffing RFID ID's ( Physical Security ) Hugo Fortier (Jun 27)
- Re: Sniffing RFID ID's ( Physical Security ) Saeed Abu Nimeh (Jun 26)
- Re: Sniffing RFID ID's ( Physical Security ) Brate Sanders (Jun 26)
  - Re: Sniffing RFID ID's ( Physical Security ) Josh L. Perrymon (Jun 27)
    - Re: Sniffing RFID ID's ( Physical Security ) Meder Kydyraliev (Jun 27)
    - Re: Sniffing RFID ID's ( Physical Security ) Gary E. Miller (Jun 27)
    - Re: Sniffing RFID ID's ( Physical Security ) Josh L. Perrymon (Jun 27)
    - Re: Sniffing RFID ID's ( Physical Security ) Gary E. Miller (Jun 27)
    - Re: Sniffing RFID ID's ( Physical Security ) Adam Laurie (Jun 28)
- RE: Sniffing RFID ID's ( Physical Security ) Glenn.Everhart (Jun 27)
- RE: Sniffing RFID ID's ( Physical Security ) Ng, Kenneth (US) (Jun 27)