Message-ID: <5e01c29a0606262124k323901b4q683649b1d3d991fb@mail.gmail.com>
Date: Tue Jun 27 05:24:44 2006
From: michaelslists at gmail.com (mikeiscool)
Subject: Sniffing RFID ID's ( Physical Security )
On 6/27/06, Josh L. Perrymon <joshuaperrymon@...il.com> wrote:
> I was contacted by Eweek recently about previous posts about RFID and how it
> is being used at the World Cup and Olympics. This got me thinking a little
> more about some previous ideas I have had. I think the real risk is in RFID
> access cards.
>
> World Cup and Olympics are / will be using embedded RFID chips in tickets to
> ID ticketholders. Upon buying the tickets patrons provide a lot of personnel
> details.
>
> This is stored in a Database and I suppose a unique ID is assigned to each
> ticket holder. Now internal security can identify each ticket holder and do
> whatever they want with the data. ( ID terrorists so on, I don't care. )
>
> Risks: Not a lot here-
> As long as the ID used on the ticket is unique and not associated with
> personnel details. An attacker would have to embed an SQL injection into
> the RFID ticket or another RFID chip in their pocket to be parsed by the
> RFID reader / backend. I haven't been involved in many of these systems but I
> will bet that input validation may not be built into the SDLC. But overall,
> injecting SQL to get a remote connection may be fairly involved and take
> several attempts. But deleting the DB may be a lot easier.
>
> My ideas on RFID risk in its current implementation:
> I'm thinking a lot of the risk with RFID would be within ID cards and
> physical security. I have been in 100s of companies that use RFID ID cards
> for physical security to access a building. Just rock up and swipe your
> badge in front of the reader right???
>
> What if an attacker was sitting at the cafe downstairs sniffing RFID ( Well,
> sending out RFID signals to power the chips and get a response ). Wouldn't
> it be trivial to obtain the STATIC ID codes stored on the RFID chips and
> write them to a generic chip? This new card could easily be used to walk
> right in to the target company? As we all know.. once you're inside it's
> trivial to root the entire network. Just insert your usb/ CD with an
> autorun backdoor sploit connecting outside OR plug in a small wireless AP.
>
> Go back down to the coffee shop and hack away.
>
> Is anyone addressing this RFID issue for access cards? At MINIMUM a private
> PIN# should be used with this type of ID.
>
> I'd like to hear your ideas / comments.
eh?
surely an RFID would only communicate its private token with a trusted
(i.e. keyed) source.
like a smartcard ...
> Cheers,
>
> Joshua Perrymon
> CEO
> Packet Focus Security Research
> www.packetfocus.com
> josh.perrymon@...ketfocus.com
-- mic
CMLRA, Mirios
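The two badge designs argued about in this message, modelled from the door reader's side as an added example (this is not code from the original post, from mic, or from Packet Focus). A badge that answers every reader with the same fixed identifier is accepted again when its earlier answer is simply played back, which is the static-ID risk Josh describes; a badge that only answers a fresh keyed challenge, which is the "trusted (keyed) source" / smartcard behaviour mic points to, is not. The class names, the 8-byte identifiers, the HMAC-SHA256 construction and the enrolment table are all constructed for the example, not taken from any real access-control product.

```python
# Added example (not part of the original post): toy model of a static-ID badge
# versus a keyed challenge-response badge, seen from the reader. All class
# names, identifiers and the HMAC scheme are constructed for illustration.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


class StaticIdTag:
    """Badge that emits the same identifier to every reader (the risky design)."""

    def __init__(self, uid: bytes) -> None:
        self.uid = uid

    def respond(self, challenge: bytes) -> bytes:
        # The challenge is ignored; the answer never changes.
        return self.uid


class KeyedTag:
    """Badge that proves possession of a shared secret without revealing it."""

    def __init__(self, uid: bytes, key: bytes) -> None:
        self.uid = uid
        self._key = key  # never leaves the badge

    def respond(self, challenge: bytes) -> bytes:
        # Answer = uid || HMAC(key, challenge); only valid for this one challenge.
        proof = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return self.uid + proof


class Recording:
    """Stands in for a previously captured badge answer that is played back as-is."""

    def __init__(self, response: bytes) -> None:
        self.response = response

    def respond(self, challenge: bytes) -> bytes:
        return self.response


@dataclass
class Reader:
    """Door reader holding the enrolment table: uid -> key (None for static-ID badges)."""

    enrolled: Dict[bytes, Optional[bytes]]
    uid_len: int = 8

    def authenticate(self, badge) -> bool:
        challenge = secrets.token_bytes(16)  # fresh nonce for every attempt
        response = badge.respond(challenge)
        uid, proof = response[: self.uid_len], response[self.uid_len :]
        if uid not in self.enrolled:
            return False
        key = self.enrolled[uid]
        if key is None:
            # Static-ID policy: presenting the enrolled identifier is enough.
            return proof == b""
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)


def demo() -> Dict[str, bool]:
    """Run each badge genuinely, then play back one captured answer from each."""
    uid_static = b"STATIC01"  # constructed sample identifier
    uid_keyed = b"KEYED001"   # constructed sample identifier
    key = secrets.token_bytes(32)
    reader = Reader(enrolled={uid_static: None, uid_keyed: key})

    static_badge = StaticIdTag(uid_static)
    keyed_badge = KeyedTag(uid_keyed, key)

    # One answer from each badge, captured during a legitimate presentation.
    captured_static = static_badge.respond(secrets.token_bytes(16))
    captured_keyed = keyed_badge.respond(secrets.token_bytes(16))

    return {
        "static_genuine": reader.authenticate(static_badge),
        "static_replayed": reader.authenticate(Recording(captured_static)),
        "keyed_genuine": reader.authenticate(keyed_badge),
        "keyed_replayed": reader.authenticate(Recording(captured_keyed)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:16s} -> {'ACCEPTED' if ok else 'rejected'}")
```

The only difference between the two designs in the reader is whether an enrolment entry carries a key: with no key, the reader has nothing to bind the answer to this presentation, so a played-back answer is indistinguishable from the badge itself. With a key, the nonce changes on every attempt and the played-back proof no longer matches; the PIN Josh asks for as a minimum is a second factor on top of this, not a replacement for it.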