Slashdot Mirror
Real RFID Hacking Scenarios
kjh1 writes "Wired is running an article on RFID hacking that has potentially scary implications. Many RFID tags have no encryption and will happily transmit their information in the clear if they are active or within range of a reader. Worse yet is that they can be overwritten. Some interesting scenarios and experiments: snagging the code off of a security badge and replaying it to gain access to a secure building; vandalizing library contents by wiping or changing tags on books; changing the prices of items in a grocery or other store; and getting free gas by tweaking the ExxonMobil SpeedPass tags."
While they may have just realized this everyone else has already known about it. Three years ago I attended BlackHat in Vegas and they presenters already were doing this.
They showed live examples and had very interesting stories about how they were reprogramming cheese to send RFID signals saying they were shavings products. Also, the store they were doing this in used RFID on all their products to make sure everything is shelved in the right place. They would reprogram an item on the shelf (already in the right place) to emit a signal saying it was something else. When the store came by to move the item to the correct place all they would find is the correct item. The presenters say it drove the store nuts.
Quality Hosting e3 Servers
Except the keypad is digital...
Huh?
I'm not sure I'm understanding what you're saying. Of course the keypad is digital. My keyboard is digital. Pretty much anything except for a mechanical combination lock is going to be "digital." (Well, even that you can argue is 'digital,' in the non-computerized sense of the term.)
Are you saying that the keypad appears on a screen, with the numbers in a random order in the array? E.g., so that some person might get a keypad numbered [[6,2,9][5,4,7][8,1,3]] and the next person would get [[3,8,4][5,2,1][6,9,7]]?
Seems like a system like that, which requires a touch-screen instead of a regular el-cheapo numeric keypad, would be pretty expensive to implement. If you have a small number of chokepoints where you can put them, it might work, but if you're trying to secure all the exterior doors of a large number of buildings, I could see it getting prohibitively expensive fast.
I have seen a lot of places that use Prox-Cards as their only form of authentication for access control: for whatever reason, people seem to think they're "more secure" than swipe cards. They were actually implemented at a place that I worked a few years ago this way, and I argued against them because of the RFID interception risk, but I got shot down by the PHB's and the system vendors, who said this was 'totally impossible.' I was tempted to try and figure out how to intercept the transmission, but I never had the time to get started.
At any rate, I don't work there anymore.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
After the recent reports that companies like Levis were testing RFID tracking in their clothes I started searching around to see what it'd cost to get an RFID reader if I wanted to start tinkering. Although self-contained hand-held readers are still quite pricey I did find an alternative. There are companies that are selling RFID attachments for Palm and Windows CE devices. For about $200-$400 you can buy an RFID device that plugs into an SD slot. Depending on how much you want to pay you can get just a reader or a reader/writer. With a little bit of software work it probably wouldn't be very difficult at all to whip up an RFID "skimmer" that you could just stick into your pocket. Just casually walk buy a security guard and steal his access card, walk around a store and reprogram prices, etc. and nobody would know it was you since you're just walking around and the device in your pocket is doing all the real work.
The June edition contains an interesting article on RFID and its security with respect to consumers. It is a good introductory article that covers all of the main security issues. It also talks about how various people who have been influential in teh government are now working for RFID companies (one being Tom Ridge former Secretary of Homeland Security)
What was interesting to me in the same articla is a reference to IBM having a 2001 patent application for tracking individual persons using the RFID constellation they create when carrying around a significant number of RFID tags. You nominate your target and profile what RFIDs they have, and then just look for that specific profile as it floats from detector to detector. This is scary stuff.
On a slightly related note, I remember seeing a comment somewhere about how teenage boys could profile the RFID constellation of hot looking women walking down the street and correlate this with the Victorias Secret catalogue in order to pick who was wearing the hot lingerie. This is a weird but possible new behaviour that RFIDs is opening.
Of more importance, I saw recently a reference to an RFID tag that could be embedded in currency notes as an anti counterfitting measure. Imagine how the muggers would jump on board this if it comes true.
I am Slashdot. Are you Slashdot as well?
He's right though that if you did a multilayer board that you could make the device a lot smaller; and I tend to wonder if you used an FPGA if you couldn't make it even smaller, down to around key-fob size. At any rate, he already seems to have achieved the "cigarette pack" size benchmark for a portable device, or close to it.
From his "Security Implications" section:I think this is worth pointing out, because most people think of RFID cards as line-of-sight devices. But there's nothing stopping someone from burying a sniffer on the other side of the wall that the reader is mounted on, or maybe some distance away if they have a high-gain receive antenna and some good pre-amplification and filtering (not too hard: they're only trying to receive on one very particular frequency, so the whole setup can be tuned for that purpose).
It's also worth noting the date on that article: October 2003. It's almost three years old at this point -- and I'm not convinced that RFID equipment has gotten any smarter, the installed base has increased significantly. The demand for sniffing equipment is going to be pretty big, and there are a lot of grey-market factories in Asia (like the ones that make console mod-chips) that will be happy to supply the hardware.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Someone who cops a feel is a little different than a sexual predator at least in my mind.
Of course, the courts may think differently than you do.
We had a good example hereabouts (a suburb of Boston) a few years back, when there was a news story about a college student who'd had a few drinks on a Saturday night relieved himself in an alley. Unfortunately for him, he was spotted by a cop, arrested, charged with, and convicted of indecent exposure. It was pointed out in the news stories that now he'd have to register as a sex offender anywhere he ever lived again.
Among all the comments of the draconian nature of this, there were a few that pointed out another problem: To many of us who read the stories, the phrases "sex offender" and "sexual predator" now induce the thought "Probably another guy caught peeing in a dark alley."
Someone once observed that a problem with unjust laws is that they bring the entire legal system into disrespect. Some of the best examples are the extreme reactions to things like this.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.