Dailydave mailing list archives
Re: VeriChip hack? (Sorry if this posts twice)
From: "Josh L. Perrymon" <joshuaperrymon () gmail com>
Date: Thu, 27 Jul 2006 14:06:40 +1000
I also have concerns with the RFID push. I have been contacting most of the companies pushing the technology like EPC and their response is " First we muct get the technology in the market, then we can worry about security". Good approach. I thought this was learned in the SDLC. So we are left with is a gap until about 2008 before Gen3 tags are rolled out. We alreayd have issues with session replay, Signal Jamming, altering data content, zapping tags, RFID Malware, RFID SQL INjection, so on. A lot of work is being done with encryption, challenge-repsonse, one-way hashing, so on.. but these leave the tags open to location attacks. Basically, if a one-way hash is used then the tag will respond with the same ID- this could be used to locate the tag. Same thing for IFF used by the air-force back in the days. They put the transponders to ID the planes.. then the opposition picked up on this and could then ID the planes as well. Lessons learned? My thoughts are on the ability to detect rogue devices and tags to minimize risk until these concerns are covered in something like Gen3. Cheers, Joshua Perrymon PacketFocus.com On 7/27/06, Michael Krymson <krymson () gmail com> wrote:
A commenter on a news link I read today said that the presenters only demonstrated grabbing the unique ID off the RFID. Unfortunately, the rest of the data is supposedly more encrypted and it is not a concern to leak the unique ID itself. I cannot attest to this firsthand, but perhaps someone here can. Either way, there are three truths to this new technology: - It will happen. That's just the way technology is...not everything gets turned away like e-voting (sort of) - It will be insecure and will cause problems...but then again, do fake IDs, passports, etc. - It will be the next big thing since virtualization steam-rolled into the industry Nick Selby wrote:Anyone see the demo on the verichip hack at hope? Anyone have any opinion on the demo, like, was it successful :) ? Apologies again if this posts twice. ------------------------------------------------------------------------ _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- VeriChip hack? (Sorry if this posts twice) Nick Selby (Jul 26)
- Re: VeriChip hack? (Sorry if this posts twice) Michael Krymson (Jul 26)
- Re: VeriChip hack? (Sorry if this posts twice) Josh L. Perrymon (Jul 27)
- Re: VeriChip hack? (Sorry if this posts twice) Jared DeMott (Jul 27)
- Re: VeriChip hack? (Sorry if this posts twice) Curt Wilson (Jul 27)
- Re: VeriChip hack? (Sorry if this posts twice) dan (Jul 27)
- Re: VeriChip hack? (Sorry if this posts twice) Jared DeMott (Jul 27)
- Re: VeriChip hack? (Sorry if this posts twice) Josh L. Perrymon (Jul 28)
- Re: VeriChip hack? (Sorry if this posts twice) Dave Korn (Aug 03)
- Re: VeriChip hack? (Sorry if this posts twice) Josh L. Perrymon (Jul 27)
- Re: VeriChip hack? (Sorry if this posts twice) Alex J Lennon (Jul 28)
- Re: VeriChip hack? (Sorry if this posts twice) Michael Krymson (Jul 26)
- Re: VeriChip hack? Sarb (Jul 27)