lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed Jun 28 01:29:37 2006 From: joshuaperrymon at gmail.com (Josh L. Perrymon) Subject: Sniffing RFID ID's ( Physical Security ) Thanks for the link Gary, I read that article last night and believe it validates my thoughts. However, a lot of engineers found some details controversial. http://www.digg.com/security/The_RFID_Hacking_Underground I think most of this was in regards to the term "cookie" and how it was used in the article. In regards to RFID implementation like "EZ-pass"- a device that attaches inside a vehicle to pay tolls automatically. There is a cache or history on the chip that records previous transactions. Due to the limited space you wouldn't place anything onto the chip but this would be a "method" of accessing the RFID chip to harvest. My next step is to locate the equipment needed to test this theory. I have access to a reader/ writer but I feel that I may need to build a purpose built unit to capture and replay the traffic. My preference would be an IpaQ running Linux with an RFID reader/writer card that can be manipulated to do what I want. >From a pen-testing perspective: What do you guys think that large companies would say about this risk? Is this valid enough to cause change in an organization. Or is this like most everything else we see.. reactive only. Will it take a major breaking or loss before A fortune 500 company would pull out their insecure RFID system? Thanks for your time, JP www.packetfocus.com On 6/28/06, Gary E. Miller <gem@...lim.com> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Yo Josh! > > On Tue, 27 Jun 2006, Josh L. Perrymon wrote: > > > Is it possible to sniff the data from RFID access control cards and > write > > the contents to a generic RFID card? Then use the copied RFID card to > gain > > access inside the target building? > > Yes: http://www.wired.com/wired/archive/14.05/rfid.html > > RGDS > GARY > - > --------------------------------------------------------------------------- > Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 > gem@...lim.com Tel:+1(541)382-8588 > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (GNU/Linux) > > iD8DBQFEocep8KZibdeR3qURAthxAKCHb9APSreZ6KLFXf4HBrT9ZCaXqwCfYNpG > CUuJzLH2TuhMw66aIauDzFA= > =rSfr > -----END PGP SIGNATURE----- > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060628/b3ea2342/attachment.html
Powered by blists - more mailing lists