Penetration Testing mailing list archives
RE: RFID Tags
From: Steven Trewick <STrewick () joplings co uk>
Date: Wed, 12 May 2004 17:18:42 +0100
I was under the impression, (which may well not be correct) that passive RFID tags derive their operational power supply from the radio signal transmitted by the reader. If this is the case, is it not possible to simply transmit a higher power signal, and thus boost the response from the tag to gain more range? (Obviously, this becomes the arms/armour cycle in the end if we are talking about shielding.) Or even simply build an extremely sensitive receiver and place it near where the cards will be used ? (etc)
Higher power, based on what? And what about the nearer RFIDs you cook
while
trying to get enough power to the ones that are further away? And of course this assumes that you can get enough gain without
overloading
all of them (or cooking your own gonads).
Yowza ! Yes, this argument is not based on my sound knowledge of RF engineering, (because I dont have any) but on some stuff I read on the net, viz : "But what about a more powerful RFID reader, created by criminals or police who don't mind violating FCC regulations? Eric Blossom, a veteran radio engineer, said it would not be difficult to build a beefier transmitter and a more sensitive receiver that would make the range far greater. "I don't see any problem building a sensitive receiver," Blossom said. "It's well-known technology, particularly if it's a specialty item where you're willing to spend five times as much." which can be found here : http://news.com.com/2010-1069-980325.html This may be tosh as far as I know, but it sounds plausible, (assuming one can overcome the problems mentioned above (particularly the one about Gonads! Tin foil hats again, methinks)
And this all assumes that all the credit cards in the wallet don't respond at the same time, on the same frequency, thus garbling the results.
These are different tags than you find in a credit card. Keep in mind that all RFID is, by definition, is something that transmits
an
identifier using radio signals. As such, there are vastly different implementations, with solutions for different problems.
Yes they do indeed (OK, I finally googled ;-) Here's some : http://www.microchip.com/ParamChartSearch/chart.aspx?branchID=1204&mid=&lang =en&pageId=76 Interestingly, we can see that some have Anti Colision, and some don't, so all the scenarios we discuss are going to depend on what exact tech is deployed. (But then, when isnt it ??) I can see arguments either way for putting anti-collision on CC tags, but since I have not seen any RFID implementations any more sophisticated than those used in anti-theft systems, its impossible for me to even guess what manufacturers/card issuers might feel is appropriate in the future. Interestingly, according to the following, http://www.aimglobal.org/technologies/rfid/what_is_rfid.asp One of the form factors an RFID tag can take is " credit-card shaped for use in access applications" So perhaps we wouldnt be looking at a tag *on* a card, but a tag that *is* a card (with side glance to the obvious "wheres the mag stripe/backward combatibility" technical challenge, of course) For now I think I'll keep an open mind on weather some scumbag can tell what type of pants I'm wearing from the other side of the room, and try and figure out weather I should care '-) (Oh, and on making another tinfoil, erm, 'hat'!) Peace and stuff. </code> The information contained in this e-mail is confidential and may be privileged, it is intended for the addressee only. If you have received this e-mail in error please delete it from your system. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. Whilst Joplings Group operates an e-mail anti-virus program it does not accept responsibility for any damage whatsoever that is caused by viruses being passed. joplings.co.uk ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- RE: RFID Tags, (continued)
- RE: RFID Tags ktabic (May 12)
- RE: RFID Tags Rob Shein (May 11)
- RE: RFID Tags lsi (May 12)
- RE: RFID Tags James Hester (May 12)
- Re: RFID Tags c3rb3r (May 12)
- Re: RFID Tags c0ncept (May 16)
- RE: RFID Tags Rob Shein (May 12)
- Re: RFID Tags Mister Coffee (May 17)
- Re: RFID Tags lsi (May 19)
- Re: RFID Tags Mister Coffee (May 19)
- Re: RFID Tags lsi (May 21)
- Re: RFID Tags Richard Rager (May 21)
- Re: RFID Tags Mister Coffee (May 21)