Long Range RFID Hacking Tool To Be Released At Black Hat

msm1267 writes "Next week at the Black Hat Briefings in Las Vegas, a security researcher will release a modified RFID reader that can capture data from 125KHz low frequency RFID badges from up to three feet away. Previous RFID hacking tools must be within centimeters of a victim to work properly; this tool would allow an attacker or pen-tester to store the device inside a backpack and it would silently grab card data from anyone walking close enough to it. The researcher said the tool will be the difference between a practical and impractical attack, and that he's had 100 percent success rates in testing the device. Schematics and code will be released at Black Hat as well." Plus it's built using an Arduino.
  • by K. S. Kyosuke ( 729550 ) on Wednesday July 24, 2013 @10:04AM (#44370339)
    ...as in, almost though not quite enough to reach into an American's personal bubble, but totally workable in Japan.
    • by intermodal ( 534361 ) on Wednesday July 24, 2013 @10:06AM (#44370359)

      Until you put the Americans on any form of public transit. Metro, BART, DART, Marta, MARC, SEPTA, you name it. Grab a seat by the door and you're in business.

      • That was supposed to be a joke. Anyway, what are the options? Aren't there materials for shielding EM (well, mostly M) fields in the range of 10kHz-1MHz? One would assume that even if an owner of such RFID device frequented these crowded places, instead of, say, commuting by car, he wouldn't be willing to pull the thing out in such environments.
        • by Xicor ( 2738029 )
          any dense metal would block the signal... just walk around with a lead backpack and you should be fine
        • by plover ( 150551 )

          Shielding options? Sure, they're pretty cheap and easy. My passport has a shield built into the cover. It has to be opened to be read. And my passport card came with a foil sleeve that shields it. You can also buy RF shielding wallets in many places.

          But look at the people. People don't carry shields today because then their cards don't easily work at the readers. Watch people using the readers today, and you'll see. They like to wave their purse or wallet at the reader and walk on by. It's hardly a

        • by flux ( 5274 )

          The option is to make the cards secure in a fashion that it doesn't matter if someone unauthorized gets to access them.

      • by mythix ( 2589549 )

        except it doesn't mention how long it takes to be hacked

        • by plover ( 150551 )

          except it doesn't mention how long it takes to be hacked

          It takes exactly as long as it takes to read it. There is no encryption or security on these cards, so once they're read, the attacker has enough data to create a working clone.

          " *Beep* - clone's ready." Except for the part where the attacker doesn't put a beeper on his reader.

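Worked example of the point plover makes above, that the clone is ready the moment the read completes. This is an added illustration, not code from the Black Hat tool, from plover, or from any other commenter. It models the 64-bit frame that EM4100/EM4102-family 125 kHz tags (the "4102" chips a later comment mentions) broadcast in a loop: 9 header ones, ten 4-bit nibbles each followed by an even row-parity bit, four even column-parity bits, and a 0 stop bit. There is no key and no challenge, so decoding a captured bitstream and re-encoding it is the whole cloning step. The tag ID in the usage lines is a made-up value.

```python
"""EM4100/EM4102-style 125 kHz tag frame: encode, decode, clone.

Added example, not the Black Hat tool's code. The frame layout modelled
here is the public EM4100 format; the tag ID values are constructed.
"""
from typing import Optional

HEADER = "1" * 9   # nine leading ones mark the start of every frame
FRAME_BITS = 64


def _parity(bits: str) -> str:
    """Even parity bit over a string of '0'/'1' characters."""
    return str(bits.count("1") % 2)


def encode_em4100(tag_id: bytes) -> str:
    """Build the 64-bit frame a tag transmits for a 5-byte ID
    (8-bit version/customer byte followed by 32 bits of data)."""
    if len(tag_id) != 5:
        raise ValueError("EM4100 ID is 5 bytes (8-bit version + 32-bit data)")
    nibbles = [f"{(b >> shift) & 0xF:04b}" for b in tag_id for shift in (4, 0)]
    rows = "".join(n + _parity(n) for n in nibbles)
    # one even parity bit per bit column across the ten data nibbles
    cols = "".join(_parity("".join(n[i] for n in nibbles)) for i in range(4))
    frame = HEADER + rows + cols + "0"
    assert len(frame) == FRAME_BITS
    return frame


def decode_em4100(stream: str) -> Optional[bytes]:
    """Recover the 5-byte ID from a bitstream captured at an arbitrary
    phase. Returns None when no frame with valid parity is present."""
    # The tag repeats the frame endlessly, so a capture may start anywhere
    # in it; scanning two concatenated copies handles the wrap-around.
    doubled = stream + stream
    for start in range(len(stream)):
        frame = doubled[start:start + FRAME_BITS]
        if len(frame) < FRAME_BITS or not frame.startswith(HEADER):
            continue
        if frame[-1] != "0":            # stop bit
            continue
        body = frame[9:59]              # ten groups of 4 data bits + parity
        groups = [body[i:i + 5] for i in range(0, 50, 5)]
        if any(_parity(g[:4]) != g[4] for g in groups):
            continue                    # row parity failed (noise or glitch)
        data = [g[:4] for g in groups]
        cols = frame[59:63]
        if any(_parity("".join(n[i] for n in data)) != cols[i] for i in range(4)):
            continue                    # column parity failed
        return int("".join(data), 2).to_bytes(5, "big")
    return None


def clone_frame(captured: str) -> Optional[str]:
    """What an attacker's writer needs: the same frame, re-emitted."""
    tag_id = decode_em4100(captured)
    return None if tag_id is None else encode_em4100(tag_id)


if __name__ == "__main__":
    original = encode_em4100(bytes.fromhex("0100002A3B"))   # constructed ID
    capture = original[17:] + original[:17]                 # arbitrary phase
    print(decode_em4100(capture).hex())      # 0100002a3b
    print(clone_frame(capture) == original)  # True
```

The only thing the decoder verifies is parity, which catches a noisy read but says nothing about who holds the card; that is the "no encryption or security" plover refers to, and it is why range is the only barrier the attack has to overcome.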
      • by Salgak1 ( 20136 )
        Or build it into a wall-wart or power-strip in a high-traffic area. Like the break room, or the power strip the coffee machine is plugged into. Sort of a next-gen Pwnie Express [pwnieexpress.com] or PwrPwn [pwnieexpress.com]. . .
    • More than plenty of places in the US where you would be crowded shoulder to shoulder. Or just hang out next to the entrance to a building with your bag resting on a potted tree, bench, windowsill, etc that's right next to the door... keeps you out of three foot range while still enabling your bag to be within it. Just be on your cell phone and people probably won't accuse you of loitering.

      • Not after what happened in Boston will an unattended bag in a public space be acceptable. At least in any major metropolitan area.

        The real winner will be someone who has the authority to stand there or the ability to blend into a crowded area. I would be security, maintenance, work the register, greeter at wal-mart, whatever; become a part of the building you're scalping from so your unattended bag can be hidden and no one will say "OMG BOMB"

        • By "hang out next to the entrance", I meant stay with your bag, to avoid someone stealing it as much as someone suspecting a bomb. It's pretty common for people to put their bag next to them while they stand waiting or talking on the phone. That way, your bag can be several feet closer to the target area than if you were wearing it, still without arousing suspicion.

        • by plover ( 150551 )

          As he said, you could stand there by the door on your cell phone, with your back (and backpack) to the door, and nobody would question you.

          If you're shy, you could put the circuit in a plastic electrical box along with a battery pack, put a big wheelchair button on the face of it, and use double sided tape to stick the box next to the door reader. Then tape an "out of order" sign over it. Our world is filled with innocuous devices that don't scream "OMG BOMB".

          And I'm not a professional social engineer. I'

        • by cusco ( 717999 )
          Baloney. Co-worker left his backpack on the train the other day, he waited until the train turned around and came back and the backpack was still shoved under the seat where he left it.
          • There's a big difference between a backpack left next to a wall on an open floor near a door and one stuffed under a seat in a small space with confined viewing angles.

            Not to say the former would be noticed, but it's a lot more likely. It's much more probable that nobody actually noticed your friend's bag, rather than noticed it and ignored it.
    • I think this is absurd. Why would anyone wear RFID tags on their feet? And who has three feet, anyway?
    • How many buildings in the USA have an ashtray/can next to their entrance? What about a potted plant (real or fake)? Walk across a raised computer floor recently?

      There are a ton of places this technology could hide within 3 feet of a purse/wallet.

      Is something wrong with your imagination?

  • I wouldn't necessarily qualify three feet as long range.

    But this could still pose a danger to the upcoming mass RFID use...

    • "Long" is a relative term. When going from a few centimeters to a meter, that's an increase of 20 or thirty times.
      A rifle is long range compared to a pistol. A mortar is long range compared to a rifle. A cruise missile is long range compared to a mortar.

  • he's had 100 percent success rates in testing the device

    a 100% success rate between 2 failed attempts

  • Woo-hoo 3 feet!!! (Score:2, Insightful)

    by OzPeter ( 195038 )

    You can buy commercial products that can read RFID tags from a lot further away. 5 seconds on google and I found long range passive rfid reader for vehicle management [alibaba.com] that claims 8 to 15 metres.

    I suspect that some researchers really don't have a clue as to what state of the art is.

    Plus when it comes to reading things via radio waves the most important thing is the antenna and not the computer connected to it. So saying "Plus it's built using an Arduino." is getting almost as bad as patents that are ".. usi

    • Re:Woo-hoo 3 feet!!! (Score:5, Informative)

      by Umuri ( 897961 ) on Wednesday July 24, 2013 @10:22AM (#44370555)

      You do realize the difference between low frequency and high frequency RFID right?
      Allow me to answer in Haiku:

      What you found yells loud,
      while this new device can hear,
      barely a whisper

      • I have developed RFID reader applications for the 4102 (125khz) chips and we could read them easily from 3-5 metres.
        Provided we used the right antenna (directional) and maxed the power output of course.

        Such a setup might be too big for disguised hacking.

        Still, a lot more of 'a few centimeters' should be no problem at all. Given the goal of hacking someone from afar, these previous 'hackers' have failed pretty hard if that's all they got.

    • Re:Woo-hoo 3 feet!!! (Score:4, Informative)

      by SJHillman ( 1966756 ) on Wednesday July 24, 2013 @10:22AM (#44370557)

      I believe it has to do with frequency. He's looking at the 125KHz range, which Wikipedia lists a range of about 10cm. The link you posted is for 860-928MHz, which Wikipedia lists as having a range of up to 12 meters.

      http://en.wikipedia.org/wiki/Radio-frequency_identification#Frequencies [wikipedia.org]

      • The 125khz chips can be read from several metres if you use the right setup.

        It's just usually not the desired. Applications based on these chips often use the limited range to do more selective readings.
        Say you want to read ONLY the tag on a single item in a stack and not pick up the other tags close by.

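Worked example behind the range argument in this subthread: OzPeter's point that the antenna matters more than the Arduino, and the replies that 125 kHz tags read from several metres "provided we used the right antenna and maxed the power output". This is an added illustration, not code from the Black Hat tool or from any commenter. At 125 kHz the reader powers the tag by near-field magnetic coupling, and the field on the axis of a circular coil of radius R with N turns carrying current I is the standard loop formula B(z) = mu0 N I R^2 / (2 (R^2 + z^2)^(3/2)), which falls off as 1/z^3 once z is well past R. The minimum field a tag needs to wake up (B_MIN_TESLA) and the two coil geometries are assumed figures for illustration, not measurements of any real reader.

```python
"""Why coil size and drive current, not the microcontroller, set 125 kHz read range.

Added example, not the Black Hat tool's code. Loop-field formula is the
textbook on-axis result; B_MIN_TESLA and the coil parameters are assumed.
"""
import math

MU0 = 4e-7 * math.pi     # permeability of free space, H/m
B_MIN_TESLA = 1.5e-6     # assumed field needed at the tag to power it (illustrative)


def field_on_axis(radius_m: float, turns: int, current_a: float,
                  distance_m: float) -> float:
    """Flux density (tesla) on the axis of a circular coil at distance z."""
    return MU0 * turns * current_a * radius_m ** 2 / (
        2.0 * (radius_m ** 2 + distance_m ** 2) ** 1.5)


def read_range(radius_m: float, turns: int, current_a: float,
               b_min: float = B_MIN_TESLA, step_m: float = 0.001) -> float:
    """Largest axial distance (m) at which the field still reaches b_min.
    Linear scan in 1 mm steps; returns 0.0 if even touching the coil
    is not enough."""
    z = 0.0
    while field_on_axis(radius_m, turns, current_a, z + step_m) >= b_min:
        z += step_m
    return z


def required_ampere_turns(radius_m: float, distance_m: float,
                          b_min: float = B_MIN_TESLA) -> float:
    """N*I needed for a coil of this radius to deliver b_min at distance z
    (the loop formula solved for N*I)."""
    return 2.0 * b_min * (radius_m ** 2 + distance_m ** 2) ** 1.5 / (
        MU0 * radius_m ** 2)


if __name__ == "__main__":
    # assumed door-reader coil: 3 cm radius, 100 turns, 100 mA
    desk = read_range(0.03, 100, 0.1)
    # assumed backpack loop: 25 cm radius, 20 turns, 1 A
    bag = read_range(0.25, 20, 1.0)
    print(f"small reader coil: ~{desk:.2f} m")     # ~0.15 m
    print(f"large backpack loop: ~{bag:.2f} m")    # ~0.77 m, about 2.5 feet
    # the 1/z^3 tail: doubling the range costs 8x the ampere-turns
    print(required_ampere_turns(0.25, 1.0) / required_ampere_turns(0.25, 0.5))
```

The same formula explains the 3-5 metre figure with a "directional" antenna and maxed power: pushing the 1/z^3 tail out that far needs a coil and current that no longer fit in a backpack, which is exactly the trade the comments above describe.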
    • The link you supplied is for a UHF (~900 MHz) RFID reader. The researcher is presenting a device for a low freq (125 kHz) RFID reader.

      I agree specifying that it uses an arduino is a bit redundant.
  • http://www.muji.us/store/aluminum-card-case-thick.html [www.muji.us]

    It blocks your cards from being read, fits nicely in your shirt pocket, and is durable and stylish to boot.

    • You could also just ask your bank to give you cards that don't have RFID in them... My bank gave me no argument or pushback at all when I asked them to do that.

      • You could also just ask your bank to give you cards that don't have RFID in them... My bank gave me no argument or pushback at all when I asked them to do that.

        Did you 'see' them take away the RFID?
        Just made me laugh, like the NSA providing a little checkbox if you want your name taken off the surveillance list (when it actually promotes your name on the list).

        • by plover ( 150551 )

          You can tell an RFID enabled card pretty easily. It's not kept secret. Your first clue should be the printing of the distinctive "radiating four parenthesis" logo that advertises "RFID within".

          Second, if you have a card that you might suspect has RFID in it, but you're not sure, look carefully at the surface of the card, particularly the reflections of light on the smooth surfaces. If the card has an embedded chip, it's often visible as a small (5mm, 3/16") squarish dimple, either on the back or the fron

      • by cusco ( 717999 )
        I told Chase that I didn't want the RFID on my replacement bank card. They sent the new card along with a nice pamphlet about how useful and convenient the included RFID was. I found that 3 seconds in the microwave will kill the chip, but 5 seconds will warp the card. The replacement for the replacement didn't have the chip. (Then they started charging for the "lifelong free checking" and we finally moved all our accounts to the credit union.)
        • I told Chase that I didn't want the RFID on my replacement bank card. They sent the new card along with a nice pamphlet about how useful and convenient the included RFID was.

          *shrugs* you need a new bank. I would have closed my account and gone to another bank if that was their response.

          (Then they started charging for the "lifelong free checking" and we finally moved all our accounts to the credit union.)

          I also would have cancelled my account over that.

  • I'm wondering now if it's time to buy an RFID proof wallet. Anyone have experience with them? Do they work?

    • I don't think you want an RFID-proof wallet so much as a radio frequency blocking wallet. An RFID-proof wallet would just be silly, because then where would you keep your RFIDs?

      • I don't think you want an RFID-proof wallet so much as a radio frequency blocking wallet. An RFID-proof wallet would just be silly, because then where would you keep your RFIDs?

        What proof-level is RFID rated at anyway? American products are usually low-proof, so an American RFID-proof wallet likely wouldn't provide the kick you'd get from a German RFID-proof wallet.

    • Just put 2 RFID cards in the same wallet and you're guaranteed they will not work. Yes, I'm looking at you London Oyster card.
  • According to a relative of mine in law enforcement this attack is already in play in several major cities. Generally targeting Apple stores as the cards that are collected are more-likely to have higher limits and available balances. The CC thief generally stands at the entrance to the store with a backpack, and is automatically uploading card details to a central host. Those details are then written to blank cards and used in Casinos in Las Vegas within a matter of hours.
  • Once this applies to NFC, things will get interesting as just reading NFC gets you the track2 information of a credit card.

    Or take two smartphones and "pay" using the smartphone while you bill it to someone else without having to bump them. (NFC proxy).

  • by zero0ne ( 1309517 ) on Wednesday July 24, 2013 @01:33PM (#44372559)

    125KHz is the same freq. that they use in the little rfid pills they inject to your pets...

    I'd love to be able to track / control my pets around the house with this

    - Sick cat? only give it access to one of the litter boxes.
    - Cat with different dietary requirements? Give them each their own bowl that are 5+ feet away from each other and have it with a door / retractable cover.
    - Outdoor cat? Have the cat door unlock when it gets close to it, but only for that one cat.
