Penetration Testing mailing list archives
RE: RFID Tags
From: "Thompson, Jimi" <JimiT () mail cox smu edu>
Date: Wed, 12 May 2004 16:43:51 -0500
<SNIP>
It seems to me that some of these attacks sound great at first, but break down when you consider how it would REALLY play out. For one, if you get on the train and inventory everyone's clothing...how do you know which shirt goes with which pants or shoes?

Easy - signal strength.
</SNIP>

Let's go back to our hypothetical commuter train for a moment. I think that this would be more valuable in a targeted attack than a general fishing expedition. Let's pretend for a moment that I'm a black hat and I'm looking to score. The one thing people carry with them that's the most valuable is data. If I've been hired by ABC Company to snoop on XYZ Company, all I have to do is find out which train the Finance Manager, Senior Director John Doe, rides on. Now I walk up to him, and instead of bumping into everyone on the train, I just bump into John Doe. By doing this, I've just cloned the contents of his wallet, PDA, cell phone, and briefcase. If the business cards he's got tucked away carry RFID, I know who his business contacts are. His cell phone will give me even more data. Since cell encryption is a joke, at least in the US, I should be able to tap in to all the important cell numbers and monitor their discussions. I might even be able to remotely activate the phone and with the contents of his PDA, I'll have a better idea of when I want to listen. I can probably find out what his credit cards are being used for, even if I can't charge things on them myself. I'll know where he shops, since his clothing and other items all have RFID. How much more do you want to "own" someone? Using the information that tapping his personal data gives me, I can expand my net to include other employees of XYZ Company. If he's doing anything indiscreet, I'm going to know about it in fairly short order and then he's really mine.

<SNIP>
As for credit cards, this is extremely easy to deal with. The cards themselves that have been seen so far have a very limited range, measured in inches. I can think of a wallet design that would shield the cards a bit,

It's a plan, but this is just asking for the Black Hat to use a stronger transceiver. It's just building a higher fence; not really a long-term solution.
</SNIP>

I can't get end users to quit downloading online casino software. I'm certainly not going to be able to get them to purchase shielded wallets!

<SNIP>
up against everyone like a comically-indiscreet pickpocket. And this all assumes that all the credit cards in the wallet don't respond at the same time, on the same frequency, thus garbling the results.
</SNIP>

Again, I think this is far more likely to be used in a targeted attack than a generalized attack.

<SNIP>
Unfortunately, the real world dictates that security be a feature of pretty well everything.
</SNIP>

<SNIP>
I imagine that a database will be built which will list individual numbers, and ranges of numbers, which are known to correspond to specific items.
</SNIP>

You mean like the lists that exist of police and fire radio frequencies, which are supposed to be "secret".

<SNIP>
A RFid tag has big limitations too, once you chop off part of the antenna it's worthless. The physics of radio waves limits that.
</SNIP>

Why should the attack simply be to read the data? What if I replace the data? Or what if I just destroy the data? Or if I'm a terrorist and I want to hide my identity? Can I obscure the data from law enforcement while I'm in a crowd at say a rock concert?

2 cents,

Jimi Thompson