Penetration Testing mailing list archives
Re: RFID Tags
From: c0ncept <c0ncept () sbcglobal net>
Date: Fri, 14 May 2004 09:34:16 -0700 (PDT)
Does anybody have any links to specs for RFID implementations; I would imagine they would have to be somewhat standarized to enable interoperation of RFID tags and readers from seperate vendors. It would be intresting to know how big the RFID value namespace is, as well as the feasability of reading RFID tags from a distance using high-gain antennas. The majority of the documentation I am familiar with is from manufacturing industry journals that tend to give a higher-level 'decision-maker' oriented overview, rather than the gory technical details. Regards, c0ncept --- c3rb3r <c3rb3r () sympatico ca> wrote:
There are already in-use security applications for RFID, for instance HID is selling access keys/cards/readers/programmers to identify enployees and control access to buildings/offices. it would be interresting to see how easy it is to duplicate an existing key and thus to impersonate an employee, one for instance may stand near the door with a reader in the pocket and harvests keys, then later duplicates keys at home with a programmer. I have seen no pocket readers so far but would it be such a pain for an electronic enthusiast to build one ? also programmer and keys are inexpensive and quite accessible for the public. i don 't see any reference either to encryption in HID products documentations, just different data formats needed to be compliant with several card models. This looks rather like data encoding than data encryption. I m aware of many buildings around there already using this vendor techno so i 'm wondering if such a replay attack is realistic ? If so it is a very serious issue, has anybody already some experience in this area ? cheers Gregory some references: foxpro key:
http://www.hidcorp.com/products/proximityproducts/proxkey2.html
programmer:
http://www.hidcorp.com/products/proximityproducts/proxprogrammer.html
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- RE: RFID Tags, (continued)
- RE: RFID Tags James Hester (May 10)
- Re: RFID Tags Rogan Dawes (May 11)
- RE: RFID Tags James Hester (May 11)
- Re: RFID Tags Rogan Dawes (May 11)
- Re: RFID Tags lsi (May 11)
- RE: RFID Tags James Hester (May 11)
- RE: RFID Tags ktabic (May 12)
- RE: RFID Tags Rob Shein (May 11)
- RE: RFID Tags lsi (May 12)
- RE: RFID Tags James Hester (May 12)
- Re: RFID Tags c3rb3r (May 12)
- Re: RFID Tags c0ncept (May 16)
- RE: RFID Tags James Hester (May 11)
- RE: RFID Tags James Hester (May 10)
- RE: RFID Tags Rob Shein (May 12)
- Re: RFID Tags Mister Coffee (May 17)
- Re: RFID Tags lsi (May 19)
- Re: RFID Tags Mister Coffee (May 19)
- Re: RFID Tags lsi (May 21)