Penetration Testing mailing list archives

Re: RFID Tags


From: c3rb3r <c3rb3r () sympatico ca>
Date: Mon, 24 May 2004 22:18:18 -0700

There are already in-use security applications for RFID; for instance, HID is selling access keys/cards/readers/programmers to identify employees and control access to buildings/offices. It would be interesting to see how easy it is to duplicate an existing key and thus to impersonate an employee: one, for instance, may stand near the door with a reader in the pocket and harvest keys, then later duplicate keys at home with a programmer. I have seen no pocket readers so far, but would it be such a pain for an electronics enthusiast to build one? Also, programmers and keys are inexpensive and quite accessible to the public. I don't see any reference either to encryption in HID product documentation, just different data formats needed to be compliant with several card models.
This looks more like data encoding than data encryption.
I'm aware of many buildings around there already using this vendor's technology, so I'm wondering if such a replay attack is realistic? If so, it is a very serious issue. Does anybody already have some experience in this area?
cheers
Gregory

some references:
foxpro key:
http://www.hidcorp.com/products/proximityproducts/proxkey2.html

programmer:
http://www.hidcorp.com/products/proximityproducts/proxprogrammer.html




