Date: Tue Jun 27 05:24:44 2006
From: michaelslists at gmail.com (mikeiscool)
Subject: Sniffing RFID ID's ( Physical Security )

On 6/27/06, Josh L. Perrymon <joshuaperrymon@...il.com> wrote:
> I was contacted by Eweek recently about previous posts about RFID and how it
> is being used at the World Cup and Olympics. This got me thinking a little
> more about some previous ideas I have had. I think the real risk is in RFID
> access cards.
>
> World Cup and Olympics are / will be using embedded RFID chips in tickets to
> ID ticketholders. Upon buying the tickets patrons provide a lot of personal
> details-
>
> This is stored in a Database and I suppose a unique ID is assigned to each
> ticket holder. Now internal security can identify each ticket holder and do
> whatever they want with the data. ( ID terrorists so on, I don't care. )
>
> Risks: Not a lot here-
> As long as the ID used on the ticket is unique and not associated with
> personal details. An attacker would have to embed an SQL injection into
> the RFID ticket or another RFID chip in their pocket to be parsed by the
> RFID reader / backend. I haven't been involved in many of these systems but I
> will bet that input validation may not be built into the SDLC. But overall,
> injecting SQL to get a remote connection may be fairly involved and take
> several attempts. But deleting the DB may be a lot easier.
>
> My ideas on RFID risk in its current implementation:
> I'm thinking a lot of the risk with RFID would be within ID cards and
> physical security. I have been in 100's of companies that use RFID ID cards
> for physical security to access a building. Just rock up and swipe your
> badge in front of the reader right???
>
> What if an attacker was sitting at the cafe downstairs sniffing RFID ( Well,
> sending out RFID signals to power the chips and get a response ). Wouldn't
> it be trivial to obtain the STATIC ID codes stored on the RFID chips and
> write them to a generic chip? This new card could easily be used to walk
> right in to the target company? As we all know.. once you're inside it's
> trivial to root the entire network. Just insert your usb/ CD with an
> autorun backdoor sploit connecting outside OR plug in a small wireless AP.
>
> Go back down to the coffee shop and hack away.
>
> Is anyone addressing this RFID issue for access cards? At MINIMUM a private
> PIN# should be used with this type of ID.
>
> I'd like to hear your ideas / comments.

eh? surely an RFID would only communicate its private token with a
trusted (i.e. keyed) source. like a smartcard ...

> Cheers,
>
> Joshua Perrymon
> CEO
> Packet Focus Security Research
> www.packetfocus.com
> josh.perrymon@...ketfocus.com

--
mic CMLRA, Mirios
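
Added example, not part of the original thread: a small Python model of the two badge designs discussed above, a static-ID badge and a keyed badge that answers a fresh reader challenge, showing that a played-back response is accepted by the first and rejected by the second. All names, the 4-byte ID and the HMAC-SHA256 construction are assumptions made for illustration, and the sketch covers only the reader verifying the badge, not the badge verifying the reader.

```python
import hashlib
import hmac
import secrets

ID_LEN = 4  # constructed 4-byte badge IDs, for illustration only

def static_tag(card_id):
    """Badge that returns the same fixed ID to whatever powers it."""
    return lambda challenge: card_id  # challenge is ignored

def keyed_tag(card_id, key):
    """Badge holding a secret key; answers with ID + HMAC over the challenge."""
    return lambda challenge: card_id + hmac.new(key, challenge, hashlib.sha256).digest()

def copied_tag(captured):
    """Models a copied badge: plays back one previously observed response."""
    return lambda challenge: captured

def static_reader_admits(tag, allowed_ids):
    return tag(b"") in allowed_ids  # only check: is the ID on the list?

def keyed_reader_admits(tag, keys):
    challenge = secrets.token_bytes(16)  # fresh nonce for every read
    response = tag(challenge)
    card_id, mac = response[:ID_LEN], response[ID_LEN:]
    key = keys.get(card_id)
    if key is None:
        return False
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected)

def demo():
    card_id, key = b"\x04\xa1\xb2\xc3", secrets.token_bytes(32)  # constructed values
    static, keyed = static_tag(card_id), keyed_tag(card_id, key)
    static_copy = copied_tag(static(b""))
    keyed_copy = copied_tag(keyed(secrets.token_bytes(16)))  # answer to an old challenge
    return {
        "static_genuine": static_reader_admits(static, {card_id}),
        "static_copy": static_reader_admits(static_copy, {card_id}),
        "keyed_genuine": keyed_reader_admits(keyed, {card_id: key}),
        "keyed_copy": keyed_reader_admits(keyed_copy, {card_id: key}),
    }

if __name__ == "__main__":
    print(demo())
```

The keyed reader's decision depends on a value that changes on every read, so an access log that records the challenge alongside the badge ID also gives a defender something to audit.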