Penetration Testing mailing list archives
Re: RFID Tags
From: Rogan Dawes <discard () dawes za net>
Date: Tue, 11 May 2004 08:42:26 +0200
Since the tag basically just transmits whatever is programmed into it when interrogated, I see no reason that someone should not be able to create a "programmable" RFID tag emulator, that simply broadcasts whatever that person wants it to when interrogated.
For example, picture a standard RFID chip, with basic components such as an antenna, a tiny CPU, and some memory (ROM, EPROM, EEPROM, FLASH, whatever).
When the tag is interrogated, the CPU reads whatever is in the memory, and broadcasts it out.
How difficult can it be to have an alternate way of programming that memory?
At this point in time, I don't think that RFID tags are using any encryption (i.e. transforming a challenge broadcast to it in some way), which means that it should be trivial to snoop on a response, or interrogate the tag yourself, and copy it into your programmable tag.
So, yes, I would say that they can be copied/faked.
I would also be inclined to believe that, once changed, it would not be possible to read what the original data was, DEPENDING on the nature of the underlying media. For instance, if you are using a WORM type of memory, that marks previously used positions as invalid, but does not overwrite them, with the right tools, you should be able to get at that previous data. I doubt that too many tags would be using this kind of scheme, but it could be worth investigating for a forensics case . . .
Regards,
Rogan
James Hester wrote:
Tim,
That depends on what tag you are going to use. The Class I tag has 96 bits of memory that can be programmed. There are some types of tags that have the ability to password protect the memory, but when you do things like that it drives the price up. The tags can be written, but I doubt you will be able to pull the original data off once it's erased since it's stored on the tag's chip.
Jay
-----Original Message-----
From: Timothy Marshall [mailto:tim () labmonkey me uk]
Sent: Monday, May 10, 2004 6:05 AM
To: pen-test () securityfocus com
Subject: RFID Tags
Hi,
Does anyone have information / experience on how secure these tags are? Can the data they store be changed in any way? Can they be copied / faked? If they are changed can the original information still be read?
Cheers
Tim
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------------
--
Rogan Dawes
*ALL* messages to discard () dawes za net will be dropped, and added to my blacklist.
Please respond to "lists AT dawes DOT za DOT net"
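The distinction drawn in the message above, between a tag that transmits its stored memory unchanged and one that transforms a reader's challenge, shown as an added simulation that is not part of the original post. The class names, the HMAC-SHA256 construction and the 16-byte nonce are assumptions chosen for illustration; only the 96-bit memory size comes from the thread.

```python
import hashlib
import hmac
import os

ID_BYTES = 12  # 96 bits, the Class I tag memory size quoted in the thread

class StaticTag:
    """Tag that answers every interrogation with its stored memory."""
    def __init__(self, memory: bytes):
        self.memory = memory
    def respond(self, challenge: bytes) -> bytes:
        return self.memory  # the challenge is ignored

class ChallengeResponseTag:
    """Hypothetical tag that keeps a secret key and MACs the reader's nonce."""
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self._key = tag_id, key
    def respond(self, challenge: bytes) -> bytes:
        mac = hmac.new(self._key, challenge + self.tag_id, hashlib.sha256).digest()
        return self.tag_id + mac

class ReplayEmulator:
    """Models the 'programmable tag': it can only repeat captured bytes."""
    def __init__(self, captured: bytes):
        self.captured = captured
    def respond(self, challenge: bytes) -> bytes:
        return self.captured

def reader_accepts_static(tag, enrolled_id: bytes) -> bool:
    # The reader can only compare the transmitted bytes with the enrolled ID.
    return hmac.compare_digest(tag.respond(b""), enrolled_id)

def reader_accepts_cr(tag, enrolled_id: bytes, key: bytes) -> bool:
    nonce = os.urandom(16)  # fresh for every interrogation
    resp = tag.respond(nonce)
    tag_id, mac = resp[:ID_BYTES], resp[ID_BYTES:]
    expected = hmac.new(key, nonce + tag_id, hashlib.sha256).digest()
    return tag_id == enrolled_id and hmac.compare_digest(mac, expected)

def demo() -> dict:
    tag_id, key = bytes(range(ID_BYTES)), os.urandom(32)  # constructed sample values
    static, cr = StaticTag(tag_id), ChallengeResponseTag(tag_id, key)
    seen_static = static.respond(b"")       # one observed response
    seen_cr = cr.respond(os.urandom(16))    # one observed response to an old nonce
    return {
        "static_genuine": reader_accepts_static(static, tag_id),
        "static_replay": reader_accepts_static(ReplayEmulator(seen_static), tag_id),
        "cr_genuine": reader_accepts_cr(cr, tag_id, key),
        "cr_replay": reader_accepts_cr(ReplayEmulator(seen_cr), tag_id, key),
    }
```

The reader cannot tell the static tag from its replayed response, while the replayed challenge-response answer fails because it was computed over an earlier nonce.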