Penetration Testing mailing list archives

Re: Radio Signal Pent test (RFID)


From: Byron Sonne <blsonne () rogers com>
Date: Sat, 17 Dec 2005 13:28:35 -0500

> I'm looking at how far RFID can be sniffed...

I doubt it's going to be sniffable very far. All of the RFID stuff I've seen works much like proximity readers for the swipe cards that I use to get into the building at work.

The tags, much like the prox cards, first have to be energized by the reader itself, and generally only exchange information under distances of half a metre or so, usually less. The energizing takes place on one frequency, and the transmission back from the tag/card takes place on another (usually higher?) frequency. Think about it: if all these tags were live and transmitting the whole time, I don't care if it's spread spectrum or not, you're talking about potentially hundreds of thousands of items spitting out data. That would be rather hard to manage.

There are, of course, larger, more powerful units, like toll highway transponders for cars/trucks, or the ones used on trains and freight cars. But those are still designed for rather short distances.

This isn't 802.11 or Bluetooth; I don't think you'll be able to sit in a parking lot outside and read the inventory with a hacked-up antenna. Unless you have some crazy kind of technology or something, in which case, I want in on it :)

Cheers,
Byron

