Re: Sniffing RFID ID's ( Physical Security )

["Josh L. Perrymon" <joshuaperrymon () gmail com>]

I'm just looking to validate if this is the case.
Are most RFID access control cards susceptable to interception? I can see
the security features built into something like RFID Credit Cards.. but I'm
betting this is not the case with RFID access cards.

Obviously, I can't validate this until I get a RFID reader/writer.

If this is the case then it's a global problem. Not only for accessing a
building illegally-- but this is a form of stealing a users identify. A lot
of companies use the backend data from the card readers to trend workers
in/out time and areas accessed. blah blah blah.

Plus, I'd like to try this on my next on-site hack.


JP
PacketFocus.com

On 6/27/06, mikeiscool <michaelslists () gmail com> wrote:
> On 6/27/06, Josh L. Perrymon <joshuaperrymon () gmail com> wrote:
> > My post was based more on *existing* RFID implementations used for
> physical
> > security access cards.
> >
> > I know that non-contact cards such as RFID Credit Cards use encryption
> so
> > on...  But are still vulnerable to non-authorized transactions.. I'm
> mean..
> > there is no green button you push to authorize the transaction.
> >
> > But I just don't believe that the RFID access-card I use to access
> client
> > premeises use any type of encryption or only communicate with specific
> > readers.
> >
> > IF* this is the case then an attacker should have no problems powering
> the
> > card and making a "copy" of the contents.
>
> so what's your question then? how your card works? or how to make it
> secure?
>
>
> > JP
> > PacketFocus
> >
> > www.packetfocus.com
> > josh.perrymon () packetfocus com
>
> -- mic
> CMLRA, Mirios
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/