lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7d85153f0606262253u3198d131h52d4f7435218e49c@mail.gmail.com>
Date: Tue Jun 27 06:53:22 2006
From: joshuaperrymon at gmail.com (Josh L. Perrymon)
Subject: Sniffing RFID ID's ( Physical Security )

I'm just looking to validate if this is the case.
Are most RFID access control cards susceptable to interception? I can see
the security features built into something like RFID Credit Cards.. but I'm
betting this is not the case with RFID access cards.

Obviously, I can't validate this until I get a RFID reader/writer.

If this is the case then it's a global problem. Not only for accessing a
building illegally-- but this is a form of stealing a users identify. A lot
of companies use the backend data from the card readers to trend workers
in/out time and areas accessed. blah blah blah.

Plus, I'd like to try this on my next on-site hack.


JP
PacketFocus.com

On 6/27/06, mikeiscool <michaelslists@...il.com> wrote:
>
> On 6/27/06, Josh L. Perrymon <joshuaperrymon@...il.com> wrote:
> > My post was based more on *existing* RFID implementations used for
> physical
> > security access cards.
> >
> > I know that non-contact cards such as RFID Credit Cards use encryption
> so
> > on...  But are still vulnerable to non-authorized transactions.. I'm
> mean..
> > there is no green button you push to authorize the transaction.
> >
> > But I just don't believe that the RFID access-card I use to access
> client
> > premeises use any type of encryption or only communicate with specific
> > readers.
> >
> > IF* this is the case then an attacker should have no problems powering
> the
> > card and making a "copy" of the contents.
>
> so what's your question then? how your card works? or how to make it
> secure?
>
>
> > JP
> > PacketFocus
> >
> > www.packetfocus.com
> > josh.perrymon@...ketfocus.com
>
> -- mic
> CMLRA, Mirios
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/35e386cd/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ