UPDATED SEPT. 28, 2016: In the last three years, much has changed in RFID technology. In 2013, 125KHz RFID proximity badges were the default in nearly all deployments, but that's no longer the case in 2016. In a follow-up interview, Francis Brown, managing partner at security firm Bishop Fox, noted that since 2013, he has seen many organizations make the switch to newer, more secure high-frequency contactless card systems. Despite increased efforts and progress made by some companies in recent years to upgrade to more secure contactless card systems, the large majority of physical access control systems out there are still legacy 125KHz proximity card deployments, he said. 'I think my 2013 talk really hit home for a lot of people, and finally broke the inertia and motivated companies to take corrective action and protect themselves,' Brown told eWEEK.
'It ended up getting a lot of attention, especially when the hit show, 'Mr. Robot,' ended up using the Tastic RFID Thief to pull off their biggest hack against Evil Corp. in Season 1, July 2015.' The same Tastic RFID Thief tool that Brown built in 2013 still works in 2016. The original attack focused on the 125KHz RFID system, but since 2013, Bishop Fox has demonstrated how it can be used to attack newer high-frequency badge systems like those for access control systems, Brown said.
At Defcon 23 in 2015, Brown released additional tools for RFID hacking of badges, readers and controllers. Bishop Fox maintains a where it lists the current tools that are available. Bishop Fox its Danger Drone airborne hacking technology at the Black Hat USA 2016 security conference. It's a tool that Brown unabashedly admits has been used for RFID badge stealing, too. 'I'll admit, the Danger Drone isn't as practical of a tool for RFID badge stealing when compared to walking by someone with the stealthy Tastic RFID Reader hidden in a messenger bag,' Brown said. 'However, it is a bit more fun. I'm sure you can imagine scenarios where we have the drone flying by unsuspecting business folks, getting within the couple feet necessary to get a read on their proximity badges.
And scaring the crap out of them.' On a more serious note, Brown said that the Danger Drone was originally conceived as a possible alternative to RFID badge hacking attacks altogether. The Tastic RFID Thief was designed to steal badge info, so that Bishop Fox researchers could create a cloned card and then enter a target facility in order to gain physical access to restricted internal networks and devices. While the Tastic RFID Thief approach has been effective for Bishop Fox thus far, Brown said that with the Danger Drone, his company could eliminate its physical exposure and risk of being apprehended. 'Rather than breaking in and plugging in, we could instead land on the roof, hack the WiFi and obtain the same unauthorized access to a target building's internal network,' Brown said.
Here's eWEEK's Original Report From July 31, 2013.

LAS VEGAS—Radio-frequency identification tags are widely deployed around the world and commonly used for building security system cards. As it turns out, those RFID security cards might not be all that secure.
That is the conclusion of Francis Brown, managing partner at security firm Bishop Fox, who detailed his research on RFID hacking on July 31 at the here. In an interview with eWEEK, Brown said he started out doing his RFID research focused on a specific requirement: He needed to break in to a building. Although there are multiple types of RFID technologies, the focus of Brown's efforts is on the 125KHz frequency, which is the primary technology used for badge readers and physical security systems in buildings. According to Brown there are three steps to hacking RFID. Step one is trying to steal the badge information from somebody as they walk. 'I want to be able to silently and discreetly steal that information as I walk by them,' Brown said.
Step two is to make a copy of the RFID badge-reader card. In step three, the penetration tester is then able to get access to the target building. 'Out of those three steps, the part that was most lacking in terms of existing tools was step one,' Brown said.
To aid in the silent theft of RFID information from unassuming passersby, Brown developed an open-source Arduino-based tool. Arduino is an open-source electronic prototyping platform often used by artists, designers and others. 'What I basically did, is take a long-range reader, that is typically meant for parking garages, to collect the RFID data,' Brown said. 'Normally, you'd run a wire from the reader down a pole and into a building with a computer that makes the decision on whether the badge is valid or not.' Brown is using the Arduino-powered tool to get the output, instead of it going into a building computer. At Black Hat, Brown is releasing the code that will need to run on the Arduino.
'I'm letting the reader do all the work, and the Arduino is processing it and writing it to a text file,' Brown explained. Brown, who acquired the RFID reader on eBay, explained that for legal reasons it's not possible to build an RFID reader due to a number of patent-related concerns.
The RFID output that the Arduino gets is a 10-digit hexadecimal value. With that in hand, Brown said it's simple to replicate the remotely stolen information using a device. The unfortunate reality, according to Brown, is that with most of the building security badges that are running at 125KHz, there is no secure authentication mechanism. 'Basically, if the card gets close enough to a card reader, it just starts yelling out its ones and zeroes,' Brown said.
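To illustrate why a badge with no authentication mechanism is only as secret as its ID, the following Python model is an added example (not code from Brown or Bishop Fox) that puts a reader accepting a fixed ID beside one that demands a fresh challenge-response. The badge value, the key and the HMAC-SHA256 scheme are assumptions made for the model; real contactless card systems use their own protocols.

```python
import hashlib
import hmac
import secrets

CARD_ID = "1A2B3C4D5E"  # constructed 10-hex-digit badge value, not a real badge
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed secret


class StaticIdReader:
    """Legacy model: the badge emits a fixed ID and the reader checks an allow-list."""
    def __init__(self, allowed_ids):
        self.allowed = set(allowed_ids)

    def present(self, transmitted_id):
        return transmitted_id in self.allowed


def badge_response(key, nonce):
    """What an authenticating badge computes; the key itself never goes over the air."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class ChallengeResponseReader:
    """Authenticated model: the reader issues a fresh nonce for every read."""
    def __init__(self, card_keys):
        self.card_keys = dict(card_keys)
        self.pending = None

    def challenge(self):
        self.pending = secrets.token_bytes(16)
        return self.pending

    def verify(self, card_id, response):
        nonce, self.pending = self.pending, None  # a nonce is good for one attempt
        key = self.card_keys.get(card_id)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(badge_response(key, nonce), response)


def replay_outcomes():
    """Return (static_replay_accepted, genuine_accepted, recorded_answer_accepted)."""
    static_ok = StaticIdReader([CARD_ID]).present(CARD_ID)  # recorded ID is the credential
    reader = ChallengeResponseReader({CARD_ID: CARD_KEY})
    recorded = badge_response(CARD_KEY, reader.challenge())  # one genuine exchange
    genuine_ok = reader.verify(CARD_ID, recorded)
    reader.challenge()  # next read: new nonce
    return static_ok, genuine_ok, reader.verify(CARD_ID, recorded)
```

In the static model the recorded value is the whole credential, while in the challenge-response model an answer recorded from one read fails against the next nonce.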
He added that there are more secure solutions available from commercial, though they are not widely deployed. So how can people protect themselves and their badge IDs from being remotely stolen? The simple fix could be as easy as having a protective sleeve or wallet to keep the security badge information safe. 'The number-one catch with the RFID badge sleeve is that some of them work and some of them don't,' Brown said. 'My recommendation is that before you buy them, make sure you test them out to make sure they actually work.' Sean Michael Kerner is a senior editor at eWeek and InternetNews.com.
How much do you know about RFID chips? Do you know how many you’re carrying at any given moment? Do you know what information is stored on them? Do you know how close a hacker needs to get to you in order to steal that information? Have you considered any form of RFID protection? And most importantly, do you know what RFID protection will be effective? These days, RFID chips are present in all sorts of items, such as credit cards, library books, grocery goods, security tags, implanted pet details, implanted medical records, passports and more.
Some schools now require their students wear RFID tags. The amount of information which could be learned about you from your RFID chips is quite a lot!
Plus, you never know what those information thieves are planning on doing with your information, either. So, it’s best to understand the risks of RFID hacking and limit your exposure to harm. Here are the basics of what you need to know.

What Is RFID?
RFID stands for Radio Frequency IDentification and it’s used for short-distance communication of information. It does not require line of sight to work, meaning that the RFID chip and the reader merely need to be within range of each other to communicate. There are a few main types of RFID chip:

Passive Tags require a radio signal to be emitted from the receiver in order to be read. This also means they operate on a small distance and can’t transmit a lot of data. Examples of these can be found in credit cards and door passes.

Active Tags have on-board batteries and can therefore actively transmit their data over a larger distance. Also, they can transmit a larger amount of data than passive tags. Examples of active tags include toll passes mounted in cars.

RFID frequencies vary according to the device and country, but usually operate in this range:
Low Frequency RFID is.

Here’s an which will give you a lot to think about, where Wired talks to RFID hackers about various exploits, including breaking into an internet security company, changing the prices on grocery items before purchasing, cloning RFID tags and using grocery items to open hotel rooms, deleting information from library books, getting free petrol, breaking into cars, tracking where people drive and reading medical data.

How To Block RFID Signals

In general, metal and water are the best ways to block radio signals to and from your RFID chip. Once that radio signal is blocked, the data cannot be read.
Now, we need to dispel a myth. Some people think that wrapping your credit cards in aluminium foil will be enough to protect them from RFID scanners. This is not true! A foil wrapping will help, but it won’t stop the scanner. It just means the scanner has to be a lot closer to you to get the information.
If you haven’t yet bought some decent RFID protection, foil will help you somewhat, but it’s not a real solution to the problem. A neat idea is to line the money pouch of your wallet with foil, so that all of your cards contained within are somewhat protected from RFID scanning.
It should also be mentioned that many sellers of RFID protection are basically just selling foil sleeves. Be wary of these as they won’t protect you fully. In some countries, governments have begun to give accreditation to RFID protection that complies with certain standards. Be on the lookout for this accreditation when you purchase RFID protective wallets, passport pouches and sleeves.
The most effective RFID-protecting sleeves, pouches and wallets on the market are those that use a Faraday Cage within a leather exterior. Faraday cages in paper sleeves are also very effective, but will be less durable.
Search for protection that contains the words “Electromagnetically Opaque” and you should be on the right track. It’s also possible to break your RFID tags.
To disable an RFID chip, common practices involve a large electromagnetic pulse (such as microwaving the chip) or hitting it with a hammer. Note that most disabling methods could ruin the rest of the item too, which is not ideal.
Another important thing you can do to protect yourself is to ensure your security plan does not rely on RFID only. For instance, contact your credit card issuer and see if they will disable RFID-only purchases on your card. Then if someone were to clone the RFID tag in your card you would still be safe from theft.
Another example would be to not rely on RFID door passes alone for your office and to ensure there is another robust security system in place. If you are paranoid about your RFID presence, you could make your own RFID reader and regularly check your household to see what is readable and check how well your RFID protection is working. For the extremely paranoid, you could also check the data on each item to see if anything has been changed.
Have you got any other great tips to protect yourself against RFID exploits? Or do you have a horror story to share?