Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Hacking RFID Tags Is Easier Than You Think: Black Hat

    By
    Sean Michael Kerner
    -
    August 1, 2013
    Share
    Facebook
    Twitter
    Linkedin
      hacking

      UPDATED SEPT. 28, 2016: In the last three years, much has changed in RFID technology. In 2013, 125KHz RFID proximity badges were the default in nearly all deployments, but that’s no longer the case in 2016.

      In a follow-up interview, Francis Brown, managing partner at security firm Bishop Fox, noted that since 2013, he has seen many organizations make the switch to newer, more secure high-frequency contactless card systems. Despite increased efforts and progress made by some companies in recent years to upgrade to more secure contactless card systems, the large majority of physical access control systems out there are still legacy 125KHz proximity card deployments, he said.

      “I think my 2013 talk really hit home for a lot of people, and finally broke the inertia and motivated companies to take corrective action and protect themselves,” Brown told eWEEK. “It ended up getting a lot of attention, especially when the hit show, “Mr. Robot,” ended up using the Tastic RFID Thief to pull off their biggest hack against Evil Corp. in Season 1 [July 2015].”

      The same Tastic RFID Thief tool that Brown built in 2013 still works in 2016. The original attack focused on the 125KHz RFID system, but since 2013, Bishop Fox has demonstrated how it can be used to attack newer high-frequency badge systems like those for HID iCLASS access control systems, Brown said.
      At Defcon 23 in 2015, Brown released additional tools for RFID hacking of badges, readers and controllers. Bishop Fox maintains a web page where it lists the current tools that are available.
      Bishop Fox demonstrated its Danger Drone airborne hacking technology at the Black Hat USA 2016 security conference. It’s a tool that Brown unabashedly admits has been used for RFID badge stealing, too.
      “I’ll admit, the Danger Drone isn’t as practical of a tool for RFID badge stealing when compared to walking by someone with the stealthy Tastic RFID Reader hidden in a messenger bag,” Brown said. “However, it is a bit more fun. I’m sure you can imagine scenarios where we have the drone flying by unsuspecting business folks, getting within the couple feet necessary to get a read on their proximity badges … and scaring the crap out of them. “
      On a more serious note, Brown said that the Danger Drone was originally conceived as a possible alternative to RFID badge hacking attacks altogether. The Tastic RFID Thief was designed to steal badge info, so that Bishop Fox researchers could create a cloned card and then enter a target facility in order to gain physical access to restricted internal networks and devices. While the Tastic RFID Thief approach has been effective for Bishop Fox thus far, Brown said that with the Danger Drone, his company could eliminate its physical exposure and risk of being apprehended.
      “Rather than breaking in and plugging in, we could instead land on the roof, hack the WiFi and obtain the same unauthorized access to a target building’s internal network,” Brown said.
      Here’s eWEEK’s Original Report From July 31, 2013:

      LAS VEGAS—Radio-frequency identification tags are widely deployed around the world and commonly used for building security system cards. As it turns out, those RFID security cards might not be all that secure.

      That is the conclusion of Francis Brown, managing partner at security firm Bishop Fox, who detailed his research on RFID hacking on July 31 at the Black Hat security conference here. In an interview with eWEEK, Brown said he started out doing his RFID research focused on a specific requirement: He needed to break in to a building.

      Although there are multiple types of RFID technologies, the focus of Brown’s efforts is on the 125KHz frequency, which is the primary technology used for badge readers and physical security systems in buildings.

      According to Brown there are three steps to hacking RFID. Step one is trying to steal the badge information from somebody as they walk by.

      “I want to be able to silently and discretely steal that information as I walk by them,” Brown said.

      Step two is to make a copy of the RFID badge-reader card. Step three is the penetration tester, which is then able to get access to the target building.

      “Out of those three steps, the part that was most lacking in terms of existing tools was step one,” Brown said.

      To aid in the silent theft of RFID information from unassuming passersby, Brown developed an open-source Arduino-based tool. Arduino is an open-source electronic prototyping platform often used by artists, designers and others.

      “What I basically did, is take a long-range reader, that is typically meant for parking garages, to collect the RFID data,” Brown said. “Normally, you’d run a wire from the reader down a pole and into a building with a computer that makes the decision on whether the badge is valid or not.”

      Brown is using the Arduino-powered tool to get the output, instead of it going into a building computer. At Black Hat, Brown is releasing the code that will need to run on the Arduino.

      “I’m letting the reader do all the work, and the Arduino is processing it and writing it to a text file,” Brown explained.

      Brown, who acquired the RFID reader on eBay, explained that for legal reasons it’s not possible to build an RFID reader due to a number of patent-related concerns.

      The RFID output that the Arduino gets is a 10-digit hexadecimal. With that in hand, Brown said it’s simple to replicate the remotely stolen information using a Proxmark device.

      The unfortunate reality, according to Brown, is that with most of the building security badges that are running at 125KHz, there is no secure authentication mechanism.

      “Basically, if the card gets close enough to a card reader, it just starts yelling out its ones and zeroes,” Brown said.

      He added that there are more secure solutions available from commercial RFID vendor HID, though they are not widely deployed.

      So how can people protect themselves and their badge IDs from being remotely stolen?

      The simple fix could be as easy as having a protective sleeve or wallet to keep the security badge information safe.

      “The number-one catch with the RFID badge sleeve is that some of them work and some of them don’t,” Brown said. “My recommendation is that before you buy them, make sure you test them out to make sure they actually work.”

      Sean Michael Kerner is a senior editor at eWeek and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×