RFID Hacking: Live Free or RFID Hard

27 Jan

 

RFID Hacking Tools

Practical guide for penetration testers to understand the attack tools and techniques available to them for stealing and using RFID proximity badge information to gain unauthorized access to buildings and other secure areas.

Tastic RFID Thief

BISHOP FOX

The Tastic RFID Thief is a silent, long-range RFID reader that can steal the proximity badge information from an unsuspecting employee as they physically walk near this concealed device. Specifically, it targets 125 kHz, low-frequency RFID badge systems used for physical security, such as those used in HID Prox and Indala Prox products.

Our goal is to make it easy for security professionals to re-create this tool so that they can perform RFID physical penetration tests and better demonstrate the risks posed by these technologies to their management. The hope is that they can get up and running quickly, even if they don’t have an RFID or electrical engineering background.

Design

We used an Arduino microcontroller to weaponize a commercial RFID badge reader (the HID MaxiProx 5375AGN00, bought on eBay), effectively turning it into a custom, long-range RFID hacking tool. This involved the creation of a small, portable PCB (designed in Fritzing) that can be inserted into almost any commercial RFID reader to steal badge info.

Note that this PCB can alternatively be inserted into an Indala reader for testing Indala Prox deployments (e.g. the Indala Long-Range Reader 620). The PCB can be inserted into any RFID reader that supports the standard Wiegand DATA0/DATA1 output (which is pretty much all of them).
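To make clear what travels over the DATA0/DATA1 lines mentioned above, here is an added example (not from the original article or from Bishop Fox) that decodes one frame the way a door controller would. It assumes the common 26-bit Wiegand layout, which the page does not name; the sample frame, facility code 123 and card number 4567 are constructed values.

```python
# Added example: decode one Wiegand frame as a door controller would.
# Assumption: standard 26-bit layout (1 even-parity bit, 8-bit facility code,
# 16-bit card number, 1 odd-parity bit). The page does not name a card format.

# Constructed sample: order of pulses seen on the two data lines for one read.
# A pulse on DATA0 signals a 0 bit; a pulse on DATA1 signals a 1 bit.
SAMPLE_BITS = "10111101100010001110101110"
SAMPLE_PULSES = ["DATA1" if b == "1" else "DATA0" for b in SAMPLE_BITS]


def pulses_to_bits(pulses):
    """Map each pulse to its bit value, in arrival order."""
    line_value = {"DATA0": 0, "DATA1": 1}
    try:
        return [line_value[p] for p in pulses]
    except KeyError as exc:
        raise ValueError(f"unknown line name: {exc}") from None


def parse_wiegand26(bits):
    """Return (facility_code, card_number) or raise ValueError."""
    if len(bits) != 26:
        raise ValueError(f"expected 26 bits, got {len(bits)}")
    # Leading parity bit plus the first 12 data bits must hold an even number of 1s.
    if sum(bits[0:13]) % 2 != 0:
        raise ValueError("even parity check failed")
    # Last 12 data bits plus the trailing parity bit must hold an odd number of 1s.
    if sum(bits[13:26]) % 2 != 1:
        raise ValueError("odd parity check failed")
    facility_code = int("".join(map(str, bits[1:9])), 2)
    card_number = int("".join(map(str, bits[9:25])), 2)
    return facility_code, card_number


if __name__ == "__main__":
    frame = pulses_to_bits(SAMPLE_PULSES)
    print(parse_wiegand26(frame))
    # Parity only catches line noise: flip one bit and the frame is rejected.
    noisy = frame.copy()
    noisy[5] ^= 1
    try:
        parse_wiegand26(noisy)
    except ValueError as err:
        print("rejected:", err)
```

Every field in this frame is either a static identifier or a parity bit. There is no challenge, nonce or signature, so two reads of the same badge produce the same 26 bits.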


Tastic RFID Thief – Designed in Fritzing

The tool steals badge information silently, and conveniently saves it to a text file (CARDS.txt) on a microSD card for later use such as badge cloning.

This solution allowed us to read proximity cards from up to 3 feet away, making the stealthy approach an actual reality. A typical attack would involve placing the weaponized reader into a messenger bag or backpack, walking by someone in line at the local Starbucks, and capturing the RFID badge info on their person. A visualization of what the attack would look like is captured in the image below:

Visualization of the RFID stealing attack from up to 3 feet away.

*I have emailed Fran Brown and he gave me permission to share this whole article on my blog.
All credit goes to Fran Brown – Bishop Fox.
Thanks again for this interesting presentation! :)

source:

http://www.bishopfox.com/

http://www.bishopfox.com/resources/tools/rfid-hacking/media-gallery/

http://www.bishopfox.com/resources/tools/rfid-hacking/attack-tools/

 
