Dailydave mailing list archives
Re: VeriChip hack? (Sorry if this posts twice)
From: Pusscat <pusscat () gmail com>
Date: Thu, 27 Jul 2006 13:27:09 -0400
Funny that they wouldn't use some sort of challenge-response... On 7/26/06 9:04 PM, "Nicholas Andre DePetrillo" <nick () oshean org> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I saw the HOPE presentation myself. I was under the impression that nothing on the VeriChip was encrypted. Also they were able to read the unique ID off the chip through the skin, then replay it to the VeriChip reader and have it accepted as valid. So basically they could brush up against you in an elevator, then go to the RFID reader at a secure location and replay it back as if you scanned your implanted RFID chip. Very cool and possibly a sign of things to come. Hopefully a wake up call to RFID chip makers. On Wed, Jul 26, 2006 at 05:35:24PM -0700, Shawn Fitzgerald wrote:I don't know anything about this specific hack but a lot of the RFID attacks that have been surfacing are not very interesting and/or new. They generally have to do with how the RFID is used rather than some problem with the tech itself. For example if some system implements a key by just broadcasting a code, well thats just stupid and it can be sniffed. If the system is using some sort of challenge response, thats different. That being said some of the older protocol attacks such as relay attacks (i.e. grand-master chess problem) are VERY relevant for the typical RFID system. Also it still is not clear if RFID is less vulnerably to your typical side channel attack (e.g. DPA/SPA type). bottom line is that one can look at the design and determine if the RFID is vulnerably to the typical attacks being published. Cheers, Shawn On Jul 26, 2006, at 10:47 AM, Nick Selby wrote:Anyone see the demo on the verichip hack at hope? Anyone have any opinion on the demo, like, was it successful :) ? Apologies again if this posts twice. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave- -- Nick DePetrillo Network Security Engineer OSHEAN Office: (401) 295-0550 Ext. 5 E-Mail/Jabber XMPP: nick () oshean org PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x121245B5 PGP Fingerprint: 27AF 66D3 2CB7 68F5 B326 65F6 DE11 0183 1212 45B5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFEyBEg3hEBgxISRbURAofhAKCvJ6zyZmEDFlsZlYol/IMZ4PXThACgqum+ PMwC6pWSwPix9LIZnzQZWBY= =mkHU -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
~ Puss _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: VeriChip hack? (Sorry if this posts twice), (continued)
- Re: VeriChip hack? (Sorry if this posts twice) Curt Wilson (Jul 27)
- Re: VeriChip hack? (Sorry if this posts twice) dan (Jul 27)
- Re: VeriChip hack? (Sorry if this posts twice) Jared DeMott (Jul 27)
- Re: VeriChip hack? (Sorry if this posts twice) Josh L. Perrymon (Jul 28)
- Re: VeriChip hack? (Sorry if this posts twice) Dave Korn (Aug 03)
- Re: VeriChip hack? (Sorry if this posts twice) Alex J Lennon (Jul 28)
- Re: VeriChip hack? Sarb (Jul 27)
- Re: VeriChip hack? (Sorry if this posts twice) Nicholas Andre DePetrillo (Jul 27)
- Re: VeriChip hack? (Sorry if this posts twice) Pusscat (Jul 27)