Penetration Testing mailing list archives

RE: Radio Signal Pent test (RFID)

From: "Josh Perrymon" <perrymonj () networkarmor com>
Date: Thu, 15 Dec 2005 15:46:08 -0600

I'm doing a lot of research and looking into RFID pen-testing.

My ideas would be to look at the RFID system as a whole not just the tags...  GEN2 has some security features built in 
but I'm not sure how many people use it.. It was developed by a vendor and of course they push their hardware ..

I'm looking at how far RFID can be sniffed... then are the tags writable?

Could you sit in the parking lot and grab the inventory?  Could you enter Wal-*** and write prices to the tags?

What about the wireless backend to send the data from the RFID sensors to the DB or inventory software? What about the 
Software itself..???

J Perrymon

-----Original Message-----
From: arif.jatmoko () sea ccamatil com [mailto:arif.jatmoko () sea ccamatil com] 
Sent: Thursday, December 15, 2005 2:53 AM
To: Louie
Cc: pen-test () securityfocus com
Subject: Re: Radio Signal Pent test (RFID)




Pen-test against RFID is not targeted to excryption or data transmission,
but primarily is information stored inside the tags itself. You could try
www.rfdump.org.
However some research proven that RFID transmitted data also can be
decrypted. But I think this could be different among products
implementation.

Arif Jatmoko

|+----------------------------+-------------------------------------------|
||   "Louie"                  |                                           |
||   <bklow () tahaninsurance com|           To:                             |
||   >                        |   <pen-test () securityfocus com>            |
||                            |           cc:        (bcc: Arif           |
||   12/15/2005 08:07 AM      |   Jatmoko/IDN/SEA/CCA)                    |
||                            |           Subject:        Radio Signal    |
||                            |   Pent test (RFID)                        |
||                            |                                           |
|+----------------------------+-------------------------------------------|






Dear all,
           I would like to ask if some has done radio signal pen test
(RFID), what are the tools used. Thanks

Regards,

Louie


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------






_______________________________________________________________________________
Visit us at www.coca-colabottling.co.id

CAUTION: 
This message may contain privileged and confidential information intended only for the use of the addressee named 
above. If you are not the intended recipient of this message, you are hereby notified that any use, 
dissemination,distribution, or reproduction of this message is prohibited. If you have received this message in error, 
please notify Coca-Cola Bottling Indonesia immediately. Any views expressed in this message are those of the individual 
sender and may not necessarily reflect the views of Coca-Cola Bottling Indonesia.


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------





------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Re: Radio Signal Pent test (RFID) arif . jatmoko (Dec 15)
- RE: Radio Signal Pent test (RFID) Chris Serafin (Dec 16)
- <Possible follow-ups>
- RE: Radio Signal Pent test (RFID) Josh Perrymon (Dec 17)
  - Re: Radio Signal Pent test (RFID) Byron Sonne (Dec 18)
  - Re: Radio Signal Pent test (RFID) toe ... (Dec 26)
- Re: Re: Radio Signal Pent test (RFID) contact_jamie_fisher (Dec 20)
  - Re: Radio Signal Pent test (RFID) Byron Sonne (Dec 20)