Josh L. Perrymon wrote:
To summarize the thread...
My question is:
Is it possible to sniff the data from RFID access control cards and
write the contents to a generic RFID card? Then use the copied RFID card
to gain access inside the target building?
This is more just theory at this point.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo Josh!
On Wed, 28 Jun 2006, Josh L. Perrymon wrote:
> From a pen-testing perspective: What do you guys think that large companies
> would say about this risk? Is this valid enough to cause change in an
> organization. Or is this like most everythin
Thanks for the link Gary,I read that article last night and believe it validates my thoughts. However, a lot of engineers found some details controversial.
http://www.digg.com/security/The_RFID_Hacking_UndergroundI think most of this was in regards to the term "cookie" and how it was used in the ar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo Josh!
On Tue, 27 Jun 2006, Josh L. Perrymon wrote:
> Is it possible to sniff the data from RFID access control cards and write
> the contents to a generic RFID card? Then use the copied RFID card to gain
> access inside the target building?
Yes:
There are a few different RFID companies that each have a unique
form of authentication based on top of existing standards. For
example, at the place I'm working we use these cards from HID. The
standards they run off of pretty interesting but it seems to me
that if you could gain enough
Josh L. Perrymon wrote:
I'm just looking to validate if this is the case.
Are most RFID access control cards susceptable to interception? I can
see the security features built into something like RFID Credit
Cards.. but I'm betting this is not the case with RFID access cards.
Obviously, I can
Hi Josh,
I have very little knowledge of RFID and how it works. But, I believe,
the answer to your question would depend on the type of card we are
talking about. If that's simple proximity card (the one that simply
sends serial number to the reader), then you can easily duplicate it,
see this fo
EMAIL PROTECTED]
Subject: Re: [Full-disclosure] Sniffing RFID ID's ( Physical Security )
On Tue, 27 Jun 2006 14:24:35 +1000, mikeiscool said:
> eh?
>
> surely a RFID would only communicate it's private token with a trusted
> (i.e. keyed) source.
>
> like a smartcard
s to block this.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
mikeiscool
Sent: Tuesday, June 27, 2006 12:25 AM
To: Josh L. Perrymon
Cc: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] Sniffing RFID ID's ( Physical Sec
To summarize the thread...My question is:Is it possible to sniff the data from RFID access control cards and write the contents to a generic RFID card? Then use the copied RFID card to gain access inside the target building?
This is more just theory at this point. I have read about encryption used
- Original Message From: Josh L. Perrymon <[EMAIL PROTECTED]>To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]Sent: Tuesday, 27 June, 2006 9:41:23 AMSubject: [Full-disclosure] Sniffing RFID ID's ( Physical Security )My ideas on RFID risk in its current implementation:I'm thinking a l
I'm just looking to validate if this is the case. Are most RFID access control cards susceptable to interception? I can see the security features built into something like RFID Credit Cards.. but I'm betting this is not the case with RFID access cards.
Obviously, I can't validate this until I get a
On 6/27/06, Josh L. Perrymon <[EMAIL PROTECTED]> wrote:
My post was based more on *existing* RFID implementations used for physical
security access cards.
I know that non-contact cards such as RFID Credit Cards use encryption so
on... But are still vulnerable to non-authorized transactions.. I'
My post was based more on *existing* RFID implementations used for physical security access cards. I know that non-contact cards such as RFID Credit Cards use encryption so on... But are still vulnerable to non-authorized transactions.. I'm mean.. there is no green button you push to authorize the
On 6/27/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
On Tue, 27 Jun 2006 14:24:35 +1000, mikeiscool said:
> eh?
>
> surely a RFID would only communicate it's private token with a trusted
> (i.e. keyed) source.
>
> like a smartcard ...
Well.. Yeah. That *would* make sense.
Unfortunately, so
On Tue, 27 Jun 2006 14:24:35 +1000, mikeiscool said:
> eh?
>
> surely a RFID would only communicate it's private token with a trusted
> (i.e. keyed) source.
>
> like a smartcard ...
Well.. Yeah. That *would* make sense.
Unfortunately, some beancounter would likely realize they can shave $0.02
Josh L. Perrymon wrote:
> I was contacted by Eweek recently about previous posts about RFID and
> how it
> is being used at the World Cup and Olympics. This got me thinking a little
> more about some previous ideas I have had. I think the real risk is in RFID
> access cards.
>
> World Cup and Ol
On 6/27/06, Josh L. Perrymon <[EMAIL PROTECTED]> wrote:
I was contacted by Eweek recently about previous posts about RFID and how it
is being used at the World Cup and Olympics. This got me thinking a little
more about some previous ideas I have had. I think the real risk is in RFID
access cards.
18 matches
Mail list logo
