RFID hacking

Well it is that time again.

Over the last two years or so RFID has become more popular and yes there are various thing you can do with RFID.

We need to all start searching for fun things to look at in relation to RFID hacking....:blink:

I would like to start it off - and I am going to make this a sticky for a while.

h**p://rfidiot.org/

thanks, was thinking about the implication of carrying rfid enabled devices (like mobilephones here and virtual cash cards) and the scope for abuse!!

Well we need to look at it all as it affects us all if you know what I mean

a m8 of mine is doing an dissertation on rfid.. do you have any other useful links for me to pass on unclex?

It's the next big thing that gonna be open to so much abuse, interesting times ahead, if i find any interesting link or journal ( i do remember reading one) I shall pass them on

The one above is the best one I can find that relates to the UK

There's a book in the downloads section on RFID security if it's any help. Link still works surprisingly. :)

http://www.digital-forums.com/showthread.php?t=268420

Thanks for the link

Any more good sites on this or places for cheap readers


We also need to look at a tool called RFDUMP

Check the rf-dump site out, it says what readers are compatible.

I was looking into cloning Phillips Mifare tags, but they have some kind of security code. Anyone know if they can be brute forced?

Well it is funny how there is now talk about installing RFID to Credit Cards.

This is from last year - but there are still proposals to move forward with RFID Credit Cards

RFID has been riddled with so many problems, it's amazing that anyone even has a shred of confidence in this technology at all. Our latest security problem du jour is that credit card companies are apparently issuing plastic that relays your digits wirelessly; as you might have guessed, security researchers are checking into this, and in a demonstration for The New York Times, easily hacked a University of Massachusetts computer science professor's newfangled RFID credit card. In short order (and with his permission), a researcher working with RSA Labs was able to steal the professor's name and credit card number that was being transmitted in cleartext -- thereby poking massive holes in Visa, MasterCard and American Express' claims that these card include "the highest level of encryption allowed by the U.S. government." Predictably, the credit card companies have already dismissed claims that the populus will be greatly affected by this hack. Brian Triplett, senior vice president for emerging-product development for Visa, told the Gray Lady: "This is an interesting technical exercise, but as a real threat to a consumer - that threat really doesn't exist." Well, Brian, care to put your plastic where your mouth is?

h**p://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/

Are the Credit Card Companies MAD :whistling

It is only a matter of time before some breaks this type of system.

Check this out

http://www.digital-forums.com/showthread.php?t=295401

Just a thought. New cars with keyless start - like those new mercs work on rfid chips. So if I was to get rf-dump on a suitable handheld with appropraiate h/w, I could walk up to the owner of a £100k merc and capture his tag's details. Go back to car, and it should start it. Won't be able to do much, as modern immobs work on a rolling code system, so next time the car needs to be started, it won't accept the same code. (However, I suppose if you were to programme a clone of the original tag, the car should write the next expected value to your home made tag).

Only problem I can see if the value of the code in the tag is a function of the serial no of the tag. I'm not even gonna consider nicking new mercs cos they've all got trackers probably, but I just have a curious mind (and the value being a function of the serial was something I thought about being an obstacle to another little idea I had). Was wondering if anyone had any knowledge of whether these tags would be encypted in such a way, as when I looked into Mifare cards, the only secuirty mentioned was some sort of p/w to access bits of the card - I reckon probably could be brute forced - can't get a conclusive answer there either. Anyone else got any ideas.

Even ideas not yet in concrete, just wanna hear what others are thinking.

x edit

h**p://www.theregister.co.uk/2006/08/04/cloning_epassports/

Well I now have a CCcard with this installed and used the wave option the other day without a pin

I can see skimming happening in the high street.

Walk down the road and some BaS$%£"£D nicks your details.

It is bound to happen.

Yeah I have one on my barclays card, and was thinking that if you were to bump into someone, or if someone taps your arse with a "paper" there go your details.

Probably put readers under bar stools etc, toilets and all sorts. Doubt it would take much to amplify the receiver signal to increase range.

If you think about it, I know that contactless payments are only valid for up to £20 or something, but if someone goes around bumping into people in the city, taking £20 off them all the time, it won't take long to earn a shit load of cash in a day...

Considdering Oyster cards were hacked as well, I think that someone needs to come up with a better idea for electronic payments. Didn't they say as well that they were after putting this tech in mobile phones...


DJ OD

NFC (near field communications) in mobiles

http://en.wikipedia.org/wiki/Near_field_communication

I don't know if it helps you at all, but there is software out there called Bartender that can generate RFIDs. It might give some insight as to how it works.