Long Range RFID Hacking Tool To Be Released At Black Hat
msm1267 writes "Next week at the Black Hat Briefings in Las Vegas, a security researcher will release a modified RFID reader that can capture data from 125KHz low frequency RFID badges from up to three feet away. Previous RFID hacking tools must be within centimeters of a victim to work properly; this tool would allow an attacker or pen-tester to store the device inside a backpack and it would silently grab card data from anyone walking close enough to it. The researcher said the tool will be the difference between a practical and impractical attack, and that he's had 100 percent success rates in testing the device. Schematics and code will be released at Black Hat as well."
Plus it's built using an Arduino.
Three feet away... (Score:5, Funny)
Re:Three feet away... (Score:5, Insightful)
Until you put the Americans on any form of public transit. Metro, BART, DART, Marta, MARC, SEPTA, you name it. Grab a seat by the door and you're in business.
Re:Three feet away... (Score:5, Funny)
Burn lots of calories carrying around the extra weight, too...
Hmm. I like your ideas and wish to subscribe to your newsletter.
Re: (Score:2)
Try aluminum foil.
Re: (Score:3)
Shielding options? Sure, they're pretty cheap and easy. My passport has a shield built into the cover. It has to be opened to be read. And my passport card came with a foil sleeve that shields it. You can also buy RF shielding wallets in many places.
But look at the people. People don't carry shields today because then their cards don't easily work at the readers. Watch people using the readers today, and you'll see. They like to wave their purse or wallet at the reader and walk on by. It's hardly a
Re: (Score:2)
Good question!
My bifold wallet is full of ID cards and other litter, and almost devoid of cash :-) and is thick enough that it doesn't meet at the edges. It's not sealed like a passport booklet. I keep two NFC cards in it, and I've found they tend to interfere with each other if I try to use either one when the wallet is closed. I've learned that to board a train I need to flip the wallet open to the side with the transit card, and it reads very quickly and reliably.
Passports close very flat. When CBP w
Re: (Score:2)
I own this http://www.thinkgeek.com/product/8cdd/?rkgid=275668648&cpg=ogpla&source=google_pla&device=c&network=g&matchtype=&gclid=CJP-74zKyLgCFc4-MgodGFgA3g [thinkgeek.com]
It works, I have to take my wallet out and open it for the reader to register my card at work.
Re: (Score:3, Interesting)
At last year's BlackHat, a foil gum wrapper on one side of the badge was enough to block transmission.
If this more powerful emitter will somehow get past that, I recommend someone use this technology for beefing up regular readers; not to 3 feet, but at least to get the readers working reliably at 1".
An even better reader design would be to have a cage around the reader that shields the card from most directions when it is presented.
Re: (Score:2)
At last year's BlackHat, a foil gum wrapper on one side of the badge was enough to block transmission.
Not surprising. You don't need a great shield to block RFID. What most people overlook is that RFID tags are passive - they get the power for operation from the receive signal itself. Therefore they need a much higher receive signal than even the cheapest radio. Your reader could have the most sensitive receiver in the world, but it won't help unless the tag is receiving enough power.
Re: (Score:2)
The option is to make the cards secure in a fashion that it doesn't matter if someone unauthorized gets to access them.
Re: (Score:1)
except it doesn't mention how long it takes to be hacked
Re: (Score:2)
except it doesn't mention how long it takes to be hacked
It takes exactly as long as it takes to read it. There is no encryption or security on these cards, so once they're read, the attacker has enough data to create a working clone.
" *Beep* - clone's ready." Except for the part where the attacker doesn't put a beeper on his reader.
Re: (Score:1)
Exactly. It takes no longer than reading the card does anywhere else. It's pretty much instant.
Re: (Score:1)
Obviously walking is how you get from your large personal vehicle to your golf cart when you arrive at your destination.
Re: (Score:2)
More than plenty of places in the US where you would be crowded shoulder to shoulder. Or just hang out next to the entrance to a building with your bag resting on a potted tree, bench, windowsill, etc that's right next to the door... keeps you out of three foot range while still enabling your bag to be within it. Just be on your cell phone and people probably won't accuse you of loitering.
Re: (Score:1)
Not after what happened in Boston will an unattended bag in a public space be acceptable. At least in any major metropolitan area.
The real winner will be someone who has the authority to stand there or the ability to blend into a crowded area. I would be security, maintenance, work the register, greeter at wal-mart, whatever; become a part of the building you're scalping from so your unattended bag can be hidden and no one will say "OMG BOMB".
Re: (Score:2)
By "hang out next to the entrance", I meant stay with your bag, to avoid someone stealing it as much as someone suspecting a bomb. It's pretty common for people to put their bag next to them while they stand waiting or talking on the phone. That way, your bag can be several feet closer to the target area than if you were wearing it, still without arousing suspicion.
Re: (Score:2)
As he said, you could stand there by the door on your cell phone, with your back (and backpack) to the door, and nobody would question you.
If you're shy, you could put the circuit in a plastic electrical box along with a battery pack, put a big wheelchair button on the face of it, and use double sided tape to stick the box next to the door reader. Then tape an "out of order" sign over it. Our world is filled with innocuous devices that don't scream "OMG BOMB".
And I'm not a professional social engineer. I'
Re: (Score:3)
Not to say the former would be noticed, but it's a lot more likely. It's much more probable that nobody actually noticed your friend's bag, rather than noticed it and ignored it.
Re: (Score:2)
You've never taken the PATH train or subway in NYC, have you? This would totally work, time to buy stock in lead wallets.
Lead wallets? The cards aren't read with X-rays! Aluminum foil works fine to block the RF emissions.
Re: (Score:2)
How many buildings in the USA have an ashtray/can next to their entrance? What about a potted plant (real or fake)? Walk across a raised computer floor recently?
There are a ton of places this technology could hide within 3 feet of a purse/wallet.
Is something wrong with your imagination?
Long range (Score:1)
I wouldn't necessarily qualify three feet as long range.
But this could still pose a danger to the upcoming mass RFID use...
Re: (Score:3)
"Long" is a relative term. When going from a few centimeters to a meter, that's an increase of 20 or thirty times.
A rifle is long range compared to a pistol. A mortar is long range compared to a rifle. A cruise missile is long range compared to a mortar.
Sounds legit (Score:1)
he's had 100 percent success rates in testing the device
a 100% success rate between 2 failed attempts
Woo-hoo 3 feet!!! (Score:2, Insightful)
You can buy commercial products that can read RFID tags from a lot further away. 5 seconds on Google and I found long range passive rfid reader for vehicle management [alibaba.com] that claims 8 to 15 metres.
I suspect that some researchers really don't have a clue as to what state of the art is.
Plus when it comes to reading things via radio waves the most important thing is the antenna and not the computer connected to it. So saying "Plus it's built using an Arduino." is getting almost as bad as patents that are ".. usi
Re:Woo-hoo 3 feet!!! (Score:5, Informative)
You do realize the difference between low frequency and high frequency RFID right?
Allow me to answer in Haiku:
What you found yells loud,
while this new device can hear,
barely a whisper
Re: (Score:2)
I have developed RFID reader applications for the 4102 (125khz) chips and we could read them easily from 3-5 metres.
Provided we used the right antenna (directional) and maxed the power output of course.
Such a setup might be too big for disguised hacking.
Still, a lot more than 'a few centimeters' should be no problem at all. Given the goal of hacking someone from afar, these previous 'hackers' have failed pretty hard if that's all they got.
Re:Woo-hoo 3 feet!!! (Score:4, Informative)
I believe it has to do with frequency. He's looking at the 125KHz range, for which Wikipedia lists a range of about 10cm. The link you posted is for 860-928MHz, which Wikipedia lists as having a range of up to 12 meters.
http://en.wikipedia.org/wiki/Radio-frequency_identification#Frequencies [wikipedia.org]
Re: (Score:2)
The 125khz chips can be read from several metres if you use the right setup.
It's just usually not desired. Applications based on these chips often use the limited range to do more selective readings.
Say you want to read ONLY the tag on a single item in a stack and not pick up the other tags close by.
Re: Woo-hoo 3 feet!!! (Score:2)
I agree specifying that it uses an Arduino is a bit redundant.
May I recommend... (Score:2)
It blocks your cards from being read, fits nicely in your shirt pocket, and is durable and stylish to boot.
Re: (Score:2)
You could also just ask your bank to give you cards that don't have RFID in them... My bank gave me no argument or pushback at all when I asked them to do that.
Re: (Score:2)
You could also just ask your bank to give you cards that don't have RFID in them... My bank gave me no argument or pushback at all when I asked them to do that.
Did you 'see' them take away the RFID?
Just made me laugh, like the NSA providing a little checkbox if you want your name taken off the surveillance list (when it actually promotes your name on the list).
Re: (Score:3)
You can tell an RFID enabled card pretty easily. It's not kept secret. Your first clue should be the printing of the distinctive "radiating four parentheses" logo that advertises "RFID within".
Second, if you have a card that you might suspect has RFID in it, but you're not sure, look carefully at the surface of the card, particularly the reflections of light on the smooth surfaces. If the card has an embedded chip, it's often visible as a small (5mm, 3/16") squarish dimple, either on the back or the fron
A good flashlight does wonders too (Score:2)
Just light the back of the card up and you'll see the rfid antenna and chip. Sunlight might do the job if the card is thin enough.
Re: (Score:2)
I told Chase that I didn't want the RFID on my replacement bank card. They sent the new card along with a nice pamphlet about how useful and convenient the included RFID was.
*shrugs* you need a new bank. I would have closed my account and gone to another bank if that was their response.
(Then they started charging for the "lifelong free checking" and we finally moved all our accounts to the credit union.)
I also would have cancelled my account over that.
RFID Proof Wallets? (Score:2)
I'm wondering now if it's time to buy an RFID proof wallet. Anyone have experience with them? Do they work?
Re: (Score:3)
I don't think you want an RFID-proof wallet so much as a radio frequency blocking wallet. An RFID-proof wallet would just be silly, because then where would you keep your RFIDs?
Re: (Score:1)
I don't think you want an RFID-proof wallet so much as a radio frequency blocking wallet. An RFID-proof wallet would just be silly, because then where would you keep your RFIDs?
What proof-level is RFID rated at anyway? American products are usually low-proof, so an American RFID-proof wallet likely wouldn't provide the kick you'd get from a German RFID-proof wallet.
This is already in the wild... (Score:2)
Will be more interesting with NFC... (Score:2)
Once this applies to NFC, things will get interesting as just reading NFC gets you the track2 information of a credit card.
Or take two smartphones and "pay" using the smartphone while you bill it to someone else without having to bump them. (NFC proxy).
This is awesome (Score:3)
125KHz is the same freq. that they use in the little rfid pills they inject into your pets...
I'd love to be able to track / control my pets around the house with this
- Sick cat? only give it access to one of the litter boxes.
- Cat with different dietary requirements? Give them each their own bowl that are 5+ feet away from each other and have it with a door / retractable cover.
- Outdoor cat? Have the cat door unlock when it gets close to it, but only for that one cat.