[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7d85153f0606271729h161db104sb4bc576e0613443c@mail.gmail.com>
Date: Wed Jun 28 01:29:37 2006
From: joshuaperrymon at gmail.com (Josh L. Perrymon)
Subject: Sniffing RFID ID's ( Physical Security )
Thanks for the link Gary,
I read that article last night and believe it validates my thoughts.
However, a lot of engineers found some details controversial.
http://www.digg.com/security/The_RFID_Hacking_Underground
I think most of this was in regards to the term "cookie" and how it was used
in the article. In regards to RFID implementation like "EZ-pass"- a device
that attaches inside a vehicle to pay tolls automatically. There is a cache
or history on the chip that records previous transactions. Due to the
limited space you wouldn't place anything onto the chip but this would be a
"method" of accessing the RFID chip to harvest.
My next step is to locate the equipment needed to test this theory. I have
access to a reader/ writer but I feel that I may need to build a purpose
built unit to capture and replay the traffic. My preference would be an IpaQ
running Linux with an RFID reader/writer card that can be manipulated to do
what I want.
>From a pen-testing perspective: What do you guys think that large companies
would say about this risk? Is this valid enough to cause change in an
organization. Or is this like most everything else we see.. reactive only.
Will it take a major breaking or loss before A fortune 500 company would
pull out their insecure RFID system?
Thanks for your time,
JP
www.packetfocus.com
On 6/28/06, Gary E. Miller <gem@...lim.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Yo Josh!
>
> On Tue, 27 Jun 2006, Josh L. Perrymon wrote:
>
> > Is it possible to sniff the data from RFID access control cards and
> write
> > the contents to a generic RFID card? Then use the copied RFID card to
> gain
> > access inside the target building?
>
> Yes: http://www.wired.com/wired/archive/14.05/rfid.html
>
> RGDS
> GARY
> -
> ---------------------------------------------------------------------------
> Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
> gem@...lim.com Tel:+1(541)382-8588
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (GNU/Linux)
>
> iD8DBQFEocep8KZibdeR3qURAthxAKCHb9APSreZ6KLFXf4HBrT9ZCaXqwCfYNpG
> CUuJzLH2TuhMw66aIauDzFA=
> =rSfr
> -----END PGP SIGNATURE-----
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060628/b3ea2342/attachment.html
Powered by blists - more mailing lists