Message-ID: <7d85153f0606271729h161db104sb4bc576e0613443c@mail.gmail.com>
Date: Wed Jun 28 01:29:37 2006
From: joshuaperrymon at gmail.com (Josh L. Perrymon)
Subject: Sniffing RFID ID's ( Physical Security )

Thanks for the link Gary,

I read that article last night and believe it validates my thoughts.
However, a lot of engineers found some details controversial.

http://www.digg.com/security/The_RFID_Hacking_Underground

I think most of this was in regard to the term "cookie" and how it was used
in the article. In RFID implementations like "EZ-pass", a device
that attaches inside a vehicle to pay tolls automatically, there is a cache
or history on the chip that records previous transactions. Due to the
limited space you wouldn't place anything onto the chip, but this would be a
"method" of accessing the RFID chip to harvest.

My next step is to locate the equipment needed to test this theory. I have
access to a reader/writer but I feel that I may need to build a
purpose-built unit to capture and replay the traffic. My preference would be an iPAQ
running Linux with an RFID reader/writer card that can be manipulated to do
what I want.

From a pen-testing perspective: What do you guys think that large companies
would say about this risk? Is this valid enough to cause change in an
organization? Or is this like most everything else we see... reactive only?
Will it take a major breaking or loss before a Fortune 500 company would
pull out their insecure RFID system?

Thanks for your time,

JP
www.packetfocus.com

On 6/28/06, Gary E. Miller <gem@...lim.com> wrote:
>
> Yo Josh!
>
> On Tue, 27 Jun 2006, Josh L. Perrymon wrote:
>
> > Is it possible to sniff the data from RFID access control cards and write
> > the contents to a generic RFID card? Then use the copied RFID card to gain
> > access inside the target building?
>
> Yes: http://www.wired.com/wired/archive/14.05/rfid.html
>
> RGDS
> GARY
> -
> ---------------------------------------------------------------------------
> Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
>         gem@...lim.com  Tel:+1(541)382-8588
>