Domain: cq.cx
Stories and comments across the archive that link to cq.cx.
Comments · 8
-
Yes.
I recall a demonstration of an RFID card-cloning device from several years ago, where as a proof-of-concept the builder of the clonig device covertly cloned an authorized RFID security card and opened a secured door with it. It was a controlled penetration test against an aware target, but it clearly worked. It was widely publicized. (I'm not sure if this is the same tester - I think so - but there are full build instructions for a cloner available here: http://cq.cx/proxmark3.pl )
It's very difficult to imagine that this attack has never been duplicated as part of a hostile act after so long. It's easy to imagine that such an attack would not be reported, however, because such an attack could actually be very difficult to detect without an independent system monitoring physical access (e.g. cameras) and without evidence of some security breach to spur an investigation into access and camera logs. A strictly information-gathering penetration could be accomplished with hardly a trace.
Just because an exploit hasn't been seen in the wild yet doesn't mean it's not out there.
-
Re:If ever there was a time...
-
Re:If ever there was a time...
-
RFID Spoofing Guide
-
A PCB for cloning RFID tags
http://cq.cx/proxmarkii.pl provides a nice article on how one Canadian guy designed a small hardware solution for cloning RFID tags. It should be very clear that RFID is NOT secure -- it's actually more likely to be insecure, in spite of the vendors who are offering tin-foil hats for their RFID cards.
-
Re:Interresting Question
It's a marketing ploy. (thank you, nephew post) Passive, static RFID. Easy to clone, unless they've upgraded recently.
But even if it wasn't, why implant it? Theoretically that should prevent someone from stealing someone else's wallet and getting in, but you shouldn't be allowing access to people without proper ID anyway. I pose the question genuinely... what's the advantage?
Also, with wireless devices, there is no fixed range. If you're going to make a wireless RFID reader, you might as well give it a wide range. Any range you may care to get can be had with a sufficiently high send signal and a sufficiently good receiving antenna (or array). If it is one foot it might as well be 50. The 15 foot range might help you hide the equipment, might let them put it behind walls to make it less succeptable to attack. It might also be covering for certain angles through the body where the RF would have a hard time penetrating. They might just want to sell a more expensive antenna array, or expect the signal to get fainter as the system ages. Having a smaller range makes reading harder, but for the kind of cash you're talking in industrial espionage, you should have no problem. -
Clonable?Anybody who actually wants to know whether Verichip uses the cheap send-a-number approach or the more expensive challenge/response is welcome to read Jonathan Westerhues's Verichip examination.
Activists have pointed out another detail that raises a question. What if the employee needs an MRI? The implant is not necessarily unsafe but the directions do say not to put it in an MRI unless the patient is conscious to report burning or "unusual sensations". Any doctors want to comment on how often you do MRI's on unconscious people? Is it not a problem in practice?
-
Some use crypto; VeriChip,which doesnt,was cracked
VeriChip has been cracked. That's only because it didn't use cryptography. JHU researchers have cracked the Exxon Mobil Speedpass [research link] cryptographic RFID devices using brute force. It took 15 mintes per key, but this required 16 $200 FPGAs ($3200) working in parallel.
Ignoring the time taken to reverse engineer the protocol, it also requires extra equipment to do the analysis for the actual reverse engineering. To my knowledge, no code has been published publically.
At this point in time, it seems that cryptographic RFID devices, despite being cryptographically weak, are pretty secure from a practical standpoint due to a level of sophistication require to execute attacks currently.
Plus I must wonder a) how close you have to be to read/activate VeriChip devices and b) if the readers are inside of a faraday cage when they enter the facility. At the very least, this will remove the possiblity of using lost keys or ones that were left lying around unattended.