Hacking RFID
May. 15th, 2006 11:39 am
http://www.wired.com/wired/archive/14.05/rfid.html
The latest issue of Wired contains an article which reminds us just how easy it is to hack some of these new, ubiquitous devices. Swipe cards are only marginally safer; as part of my undergraduate training we learned how to obtain information from our own bank cards.
Some examples:
1) Many buildings use RFID proximity cards for door access. Someone with an antenna coil and the appropriate (inexpensive) reader hardware only needs to get within about 2 inches of the card, which a brush-by in a crowd easily allows, to capture the identifier the card emits. Because the lock checks nothing but that static identifier, the attacker's device can then be switched to emission (emulation) mode to replay it and open the door. Some hotels use a similar system for room entry.
2) Some cars use an engine immobilizer that relies on an RFID transponder in the head of the key; the ignition only enables the engine once the transponder has been verified. If the transponder's response can be captured, or its key recovered, an attacker can satisfy the sensor in the ignition switch with a clone and then hotwire the car in the old-fashioned way. In 2005 researchers at Johns Hopkins and RSA Labs showed that the 40-bit key in the Texas Instruments DST transponder used in many such systems can be recovered by brute force from sniffed challenge-response exchanges. (see also http://p2pnet.net/story/6535 and http://www.schneier.com/blog/archives/2005/10/rfid_car_keys.html)
3) The US has introduced RFID chips in passports (contactless credit cards are soon to follow), and Canada will probably follow suit. Access to the chip is protected by keys derived from data printed in the passport's machine-readable zone, so anyone who gets temporary physical access to the passport, or who can guess those printed fields, may be able to read and duplicate its contents. It has already been demonstrated against a Dutch e-passport (see the Engadget link below); doing it to others is only a matter of time. (see also http://arstechnica.com/news.ars/post/20050429-4866.html, http://www.businessweek.com/bwdaily/dnflash/nov2004/nf2004115_1663_db016.htm, http://www.engadget.com/2006/02/24/department-of-homeland-security-looking-to-develop-super-rfid-ta/, http://www.engadget.com/2006/02/03/dutch-rfid-e-passport-cracked-us-next/, and http://www.mobilemag.com/content/100/102/C6340/)
4) Encryption should provide the answer; however, many of the schemes in current use rely on short keys (40 bits in the immobilizer transponder above) that can be exhausted by brute force with inexpensive cracking hardware or software in minutes to hours. Note also that unencrypted tags are FAR cheaper (about $0.25 each) than ones with cryptography (about $5.00 each), so they are far more widely deployed. Often decryption is not even required: if the tag emits a fixed identifier, recording and replaying it is enough. (see also http://www.rfidjournal.com/article/articleview/1027/1/1/)
5) Libraries generally leave the writable memory of their tags "unlocked" so that it can be updated with new information. Unfortunately, anyone with a writer can wipe or rewrite the tag and walk out of the library with a book undetected. Similarly, tags in stores can be rewritten either to disable them (so the item can be stolen) or to change the encoded price or product code (so the item rings up for a minuscule sum). (see also http://www.librarian.net/stax/1740)
6) Hacking is not the only problem; any reader a tag passes can write tracking data ("cookies") into the tag's spare memory to record where it has been. For example, a cookie written to a passport chip would immediately let someone retrieve which countries the holder has visited without opening the book. Similarly, a credit card carrying a cookie could be used to log which stores it was used at. The same writable memory is also what makes "RFID viruses" possible. (see also http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1174912,00.html for RFID viruses)
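Items 1, 2 and 4 above come down to one distinction: a tag that emits a fixed identifier can be recorded and replayed, while a challenge-response tag defeats replay but only protects you if its key is too long to brute-force. The following is an added illustration in Python written for this post; it is not code from the Wired article, from the Johns Hopkins/RSA work, or from any real reader or transponder. The protocol, the truncated-HMAC response function and the 16-bit toy key are assumptions chosen so the exhaustive search finishes in well under a second; a 40-bit key is 2**24 times more work, which is why the real attack needed dedicated hardware rather than a laptop.

```python
"""Static-ID replay versus challenge-response with a short key.
Added illustration (assumed protocol and toy key size); not code from
the Wired article or from any real tag or reader product."""
import hashlib
import hmac
import os
import random


class StaticTag:
    """Proximity badge that emits the same identifier to anyone who asks."""
    def __init__(self, uid: bytes):
        self.uid = uid

    def respond(self, _challenge: bytes) -> bytes:
        return self.uid  # the challenge is ignored entirely


class StaticReader:
    """Door controller that grants access if the emitted identifier is on its list."""
    def __init__(self, allowed: set):
        self.allowed = allowed

    def authenticate(self, tag) -> bool:
        return tag.respond(b"") in self.allowed


def tag_mac(key: bytes, challenge: bytes) -> bytes:
    """Tag response function: truncated HMAC over the reader's challenge.
    A toy stand-in (assumption) for the proprietary cipher in a real transponder."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


class ChallengeResponseTag:
    def __init__(self, key: bytes):
        self.key = key

    def respond(self, challenge: bytes) -> bytes:
        return tag_mac(self.key, challenge)


class ChallengeResponseReader:
    """Sends a fresh random challenge each time, so a recorded response is useless later."""
    def __init__(self, key: bytes):
        self.key = key

    def authenticate(self, tag) -> bool:
        challenge = os.urandom(8)
        return hmac.compare_digest(tag.respond(challenge), tag_mac(self.key, challenge))


class ReplayTag:
    """Attacker hardware in 'emission mode': plays back whatever its coil captured."""
    def __init__(self, captured: bytes):
        self.captured = captured

    def respond(self, _challenge: bytes) -> bytes:
        return self.captured


def sniff(tag, challenge: bytes) -> bytes:
    """What an attacker's coil picks up while brushing past the victim: one tag response."""
    return tag.respond(challenge)


def brute_force_key(challenge: bytes, response: bytes, key_bits: int):
    """Exhaust a key_bits-bit key space offline against one sniffed (challenge, response) pair."""
    nbytes = (key_bits + 7) // 8
    for candidate in range(1 << key_bits):
        key = candidate.to_bytes(nbytes, "big")
        if tag_mac(key, challenge) == response:
            return key
    return None


def demo(key_bits: int = 16) -> dict:
    """Run the replay attack on both tag types and the key search on the short-keyed one."""
    # Constructed badge identifier and door list for the demo.
    badge = StaticTag(bytes.fromhex("0a1b2c3d4e"))
    door = StaticReader({badge.uid})
    static_replay = door.authenticate(ReplayTag(sniff(badge, b"")))

    # Challenge-response tag whose key is drawn from a key_bits-bit space.
    nbytes = (key_bits + 7) // 8
    key = random.getrandbits(key_bits).to_bytes(nbytes, "big")
    tag, ignition = ChallengeResponseTag(key), ChallengeResponseReader(key)

    challenge = os.urandom(8)
    response = sniff(tag, challenge)                         # one overheard exchange
    cr_replay = ignition.authenticate(ReplayTag(response))   # fresh challenge: replay fails
    recovered = brute_force_key(challenge, response, key_bits)
    clone_works = recovered is not None and ignition.authenticate(ChallengeResponseTag(recovered))

    return {"static_replay": static_replay, "cr_replay": cr_replay,
            "recovered_key": recovered, "real_key": key, "clone_works": clone_works}


if __name__ == "__main__":
    print(demo())
```

The point of `demo()` is the contrast in its result: the static badge falls to a pure replay, the challenge-response tag does not, and yet a single overheard exchange is enough to recover a short key offline and build a clone that the reader accepts. Raising `key_bits` makes `brute_force_key` exponentially slower, which is exactly the lever a 40-bit design leaves too short.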
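Item 3 above says the passport's encryption is based on information printed in the passport; concretely, the Basic Access Control (BAC) keys in ICAO Doc 9303 are derived from the machine-readable zone (document number, date of birth and date of expiry, each with its check digit), so the strength of the key is only the guessability of those fields, not the strength of the cipher. The following is an added illustration in Python written for this post, not code from the post, from ICAO or from any passport reader. The check-digit rule and key derivation follow ICAO 9303; the "offline test" of a candidate key is a deliberate simplification (an HMAC over one recorded value) standing in for the real 3DES/retail-MAC mutual authentication, and the attacker's knowledge about the victim is constructed for the demo.

```python
"""BAC key derivation from the MRZ and a guessability search over it.
Added illustration; the offline key test is an assumed stand-in for the
real BAC exchange, and the victim/attacker data are constructed."""
import hashlib
import hmac
import itertools
import math
from datetime import date, timedelta


def mrz_check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7,3,1 repeating; '<' counts 0, A-Z count 10-35."""
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif ch == "<":
            value = 0
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        else:
            raise ValueError(f"invalid MRZ character {ch!r}")
        total += value * (7, 3, 1)[i % 3]
    return total % 10


def mrz_information(doc_number: str, dob: str, expiry: str) -> str:
    """BAC input: 9-char document number, birth and expiry dates (YYMMDD), each with its check digit."""
    doc = doc_number.ljust(9, "<")
    return (f"{doc}{mrz_check_digit(doc)}"
            f"{dob}{mrz_check_digit(dob)}"
            f"{expiry}{mrz_check_digit(expiry)}")


def des_parity(key: bytes) -> bytes:
    """Force odd parity on every byte, as DES key bytes require."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 0x01
        out.append(b)
    return bytes(out)


def bac_keys(doc_number: str, dob: str, expiry: str):
    """K_seed = SHA-1(MRZ_information)[:16]; K_enc, K_mac = SHA-1(K_seed || counter)[:16] for counter 1, 2."""
    k_seed = hashlib.sha1(mrz_information(doc_number, dob, expiry).encode("ascii")).digest()[:16]
    k_enc = des_parity(hashlib.sha1(k_seed + b"\x00\x00\x00\x01").digest()[:16])
    k_mac = des_parity(hashlib.sha1(k_seed + b"\x00\x00\x00\x02").digest()[:16])
    return k_enc, k_mac


def offline_tag(k_mac: bytes, sniffed_challenge: bytes) -> bytes:
    """Simplified stand-in (assumption) for the MAC a reader sends during BAC: it lets an eavesdropper
    who recorded one exchange test candidate keys without the passport being present."""
    return hmac.new(k_mac, sniffed_challenge, hashlib.sha256).digest()[:8]


def bac_search(sniffed_challenge, sniffed_tag, doc_candidates, dob_candidates, expiry_candidates):
    """Try every plausible MRZ combination; return the match (or None) and how many were tried."""
    tried = 0
    for doc, dob, exp in itertools.product(doc_candidates, dob_candidates, expiry_candidates):
        tried += 1
        _, k_mac = bac_keys(doc, dob, exp)
        if hmac.compare_digest(offline_tag(k_mac, sniffed_challenge), sniffed_tag):
            return (doc, dob, exp), tried
    return None, tried


def demo() -> dict:
    # Victim passport: the MRZ values of the ICAO 9303 worked example, not a real document.
    victim = ("L898902C", "690806", "940623")
    _, victim_k_mac = bac_keys(*victim)
    sniffed_challenge = bytes(range(8))                      # constructed recorded value
    sniffed_tag = offline_tag(victim_k_mac, sniffed_challenge)

    # Attacker's constructed knowledge: exact birth date (say, from a hotel form); issuer numbers
    # passports sequentially, so the number is known to within 200; expiry known to within 15 days.
    doc_candidates = [f"L898{n:03d}C" for n in range(800, 1000)]
    dob_candidates = ["690806"]
    base = date(1994, 6, 23)
    expiry_candidates = [(base + timedelta(days=d)).strftime("%y%m%d") for d in range(-15, 16)]

    space = len(doc_candidates) * len(dob_candidates) * len(expiry_candidates)
    found, tried = bac_search(sniffed_challenge, sniffed_tag,
                              doc_candidates, dob_candidates, expiry_candidates)
    return {"found": found, "victim": victim, "tried": tried,
            "search_bits": round(math.log2(space), 1)}


if __name__ == "__main__":
    print(demo())
```

Two things to take from this. The derived K_enc and K_mac are full-size 3DES keys, so brute-forcing them directly is hopeless; what an attacker brute-forces is the MRZ, and in the constructed scenario that is a search of about 2**12.6 candidates. The real-world version of this is why issuance policy (non-sequential document numbers, no correlation between number and expiry) matters as much as the cipher, and why a photocopy of the data page is as good as the key.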
Other articles:
http://news.com.com/RFID+tags+become+hacker+target/2100-1029_3-5287912.html
http://www.techimo.com/newsapp/i11571.html
http://news.com.com/2010-1039-5327719.html
http://tagged.kaos.gen.nz/index.php?s=c26ffc87b3b06f2a2c0c5eaf6776cf87&
Tools and resources
http://itvibe.com/news/2767/
http://www.gizmodo.com/archives/bluesniper-rifle-and-more-fun-bluetooth-exploits-019037.php