Re: RFID Tags

From: lsi (stuart_at_cyberdelix.net)
Date: 05/11/04

  • Next message: Ivan Arce: "Re: WEP attacks based on IV Collisions"
    To: <tim@labmonkey.co.uk>
    Date: Tue, 11 May 2004 09:49:59 +0100
    
    

    I read about some theoretical attacks on RFID:

    - unauthorised usage: Black Hat walks onto train with rogue ID
    sniffer, gets IDs of all tags in the carriage - this info might be
    used to compute the relative value of each commuter's clothes and
    belongings, and their origins. If RFIDs go into drivers licenses,
    passports etc, then the presence of those documents will be revealed
    without a search. If the RFIDs go into credit cards, Black Hat will
    know how many, and which ones, you have. And if RFIDs go into cash,
    then Black Hat will know how much you're carrying.

    - replay attack: sniff a tag's ID, then later, play it back to the
    detector and impersonate that tag

    "Security professionals need to realize that RFID tags are dumb
    devices. They listen, and they respond. Currently, they don't care
    who sends the signal. Anything your companies' transceiver can
    detect, the bad guy's transceiver can detect. So don't be lulled into
    a false sense of security." --
    http://www.securityfocus.com/columnists/169

    Stuart
    On 10 May 2004 at 19:04, Timothy Marshall wrote:

    Send reply to: <tim@labmonkey.co.uk>
    From: "Timothy Marshall" <tim@labmonkey.me.uk>
    To: <pen-test@securityfocus.com>
    Subject: RFID Tags
    Date sent: Mon, 10 May 2004 19:04:35 +0800
    Organization: Labmonkey.co.uk

    > Hi,
    >
    > Does anyone have information / experience on how secure these tags are? Can
    > the data they store be changed in anyway? Can they be copied / faked? If
    > they are changed can the original information still be read?
    >
    > Cheers
    >
    > Tim
    >
    >
    >
    > ------------------------------------------------------------------------------
    > Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    > any course! All of our class sizes are guaranteed to be 10 students or less
    > to facilitate one-on-one interaction with one of our expert instructors.
    > Attend a course taught by an expert instructor with years of in-the-field
    > pen testing experience in our state of the art hacking lab. Master the skills
    > of an Ethical Hacker to better assess the security of your organization.
    > Visit us at:
    > http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    > -------------------------------------------------------------------------------

    ---
    Stuart Udall
    stuart at@cyberdelix.dot net - http://www.cyberdelix.net/
    --- 
     * Origin: lsi: revolution through evolution (192.168.0.2)
    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------
    

  • Next message: Ivan Arce: "Re: WEP attacks based on IV Collisions"

    Relevant Pages

    • Re: If You Think Your RFID Passport Is Secure, Think Again
      ... "Most commercial RFID tags don't include security, which is expensive: A typical passive RFID chip costs about a quarter, whereas one with encryption capabilities runs about $5. ... Chips that track product shipments or expensive equipment, for example, often contain pricing and item information. ...
      (rec.travel.air)
    • Re: Businesses praise chips as privacy groups worry
      ... RFID technology, which couples highly miniaturized computers with radio ... on shampoo bottles and department store clothing tags. ... At a store, RFID doorways could scan your purchases automatically as you ... A 2005 patent application by American Express itself describes how ...
      (soc.retirement)
    • Re: Businesses praise chips as privacy groups worry
      ... RFID technology, which couples highly miniaturized computers with radio ... on shampoo bottles and department store clothing tags. ... At a store, RFID doorways could scan your purchases automatically as you ... A 2005 patent application by American Express itself describes how ...
      (soc.retirement)
    • RFID Security: Retail and Beyond
      ... Human implantable RFID tags, signal interference, and RFID tag ... you see very few shoppers carrying RFID mobile readers to scan ...
      (alt.privacy)
    • Re: RFID chips, a technological advancement over Nazi tatooing of prisoners!
      ... Subject: German RFID Scandal: Hidden devices, unkillable tags found ... inMetro Future Store ... German RFID Scandal: Hidden devices, ... loyalty cards. ...
      (alt.guitar.amps)