
Long Range RFID Hacking Tool To Be Released At Black Hat

Unknown Lamer posted about a year ago | from the arduino-powered-passport-collector dept.

Security 73

msm1267 writes "Next week at the Black Hat Briefings in Las Vegas, a security researcher will release a modified RFID reader that can capture data from 125KHz low frequency RFID badges from up to three feet away. Previous RFID hacking tools must be within centimeters of a victim to work properly; this tool would allow an attacker or pen-tester to store the device inside a backpack and it would silently grab card data from anyone walking close enough to it. The researcher said the tool will be the difference between a practical and impractical attack, and that he's had 100 percent success rates in testing the device. Schematics and code will be released at Black Hat as well." Plus it's built using an Arduino.

73 comments

Three feet away... (4, Funny)

K. S. Kyosuke (729550) | about a year ago | (#44370339)

...as in, almost though not quite enough to reach into an American's personal bubble, but totally workable in Japan.

Re:Three feet away... (5, Insightful)

intermodal (534361) | about a year ago | (#44370359)

Until you put the Americans on any form of public transit. Metro, BART, DART, Marta, MARC, SEPTA, you name it. Grab a seat by the door and you're in business.

Re:Three feet away... (1)

K. S. Kyosuke (729550) | about a year ago | (#44370467)

That was supposed to be a joke. Anyway, what are the options? Aren't there materials for shielding EM (well, mostly M) fields in the range of 10kHz-1MHz? One would assume that even if an owner of such RFID device frequented these crowded places, instead of, say, commuting by car, he wouldn't be willing to pull the thing out in such environments.

Re:Three feet away... (1)

Xicor (2738029) | about a year ago | (#44370679)

any dense metal would block the signal... just walk around with a lead backpack and you should be fine

Re:Three feet away... (4, Funny)

realityimpaired (1668397) | about a year ago | (#44370795)

Burn lots of calories carrying around the extra weight, too...

Hmm. I like your ideas and wish to subscribe to your newsletter.

Re:Three feet away... (1)

ebno-10db (1459097) | about a year ago | (#44373367)

Try aluminum foil.

Re:Three feet away... (0)

Anonymous Coward | about a year ago | (#44374231)

Most of the Israeli tech-startups are actually very good at spinning aluminium foil...
Now if we could only get 3M to disclose that they integrated satellite-pingability for the passport RFIDs, the popular misconception about having free and private lives would burst.
Perhaps not quite as big as the Israeli tech-bubble about to burst when AMDOCS and AKAMAI (read aipac) get exposed internationally as "FOREIGN AGENTS".

And tinfoil panhandling agents at that!

"Send 'em all to Guantanamo Bay, or juST GIVE 'EM TO THE CHINESE!" - Einstein's Past Participle Ghost

Re:Three feet away... (2)

plover (150551) | about a year ago | (#44370689)

Shielding options? Sure, they're pretty cheap and easy. My passport has a shield built into the cover. It has to be opened to be read. And my passport card came with a foil sleeve that shields it. You can also buy RF shielding wallets in many places.

But look at the people. People don't carry shields today because then their cards don't easily work at the readers. Watch people using the readers today, and you'll see. They like to wave their purse or wallet at the reader and walk on by. It's hardly a convenience if they have to stop, open their purse, pull out their wallet, take the card from the shield, and wave it over the reader, then put the card back in the wallet, and put the wallet back in the purse.

Another thing to consider is that lots of the companies around here integrate the RFID chip into their employee badges, which they have to have visible when walking around in their buildings. Half the people eating lunch at the various restaurants around town are wearing exposed name-tag/RFID-badges. If you hide a reader inside a McDonalds waste bin you'll get a hundred cards a day.

The last thing is that if the attacker places the device near enough to the reader, (a flower pot next to the door, perhaps) people will be extracting their cards in the vicinity to legitimately gain access. This will give the attacker a window of opportunity to clone the card.

Re:Three feet away... (2)

pixelpusher220 (529617) | about a year ago | (#44371121)

For a Bi-Fold wallet, is some metal mesh or other flexible metallic lattice put in the bill fold enough (so that it acts like a clamshell) ? Or would you likely need a tri-fold wallet type?

Re:Three feet away... (1)

plover (150551) | about a year ago | (#44371379)

Good question!

My bifold wallet is full of ID cards and other litter, and almost devoid of cash :-) and is thick enough that it doesn't meet at the edges. It's not sealed like a passport booklet. I keep two NFC cards in it, and I've found they tend to interfere with each other if I try to use either one when the wallet is closed. I've learned that to board a train I need to flip the wallet open to the side with the transit card, and it reads very quickly and reliably.

Passports close very flat. When CBP wants to scan my passport, they have to open it before placing it in the reader. I have seen video of a passport reader able to read a passport that was open only about 1/2" (12mm), so it obviously doesn't take much of a gap.

But these are all NFC devices, and may not represent the way the 125kHz access cards used in this example do.

Re:Three feet away... (1)

FictionPimp (712802) | about a year ago | (#44371507)

I own this http://www.thinkgeek.com/product/8cdd/?rkgid=275668648&cpg=ogpla&source=google_pla&device=c&network=g&matchtype=&gclid=CJP-74zKyLgCFc4-MgodGFgA3g [thinkgeek.com]

It works, I have to take my wallet out and open it for the reader to register my card at work.

Re:Three feet away... (1)

pixelpusher220 (529617) | about a year ago | (#44371581)

It sits nice and flat when empty :) how much farther open is it with actual stuff in it? 3-4 cards, cash, etc.

Re:Three feet away... (0)

Anonymous Coward | about a year ago | (#44370713)

One of the things my father tested was wrapping a tin/aluminum foil around credit cards, then testing it out on credit card machines with the tap feature enabled. The machine would act as if nothing had happened; it will only work if he removed the foil, effectively neutralizing any close-quarter RFID stealing. However, if this new device is more powerful, I am not sure that thin sheet of foil can protect against it.

Re:Three feet away... (3, Interesting)

Em Adespoton (792954) | about a year ago | (#44370939)

At last year's BlackHat, a foil gum wrapper on one side of the badge was enough to block transmission.

If this more powerful emitter will somehow get past that, I recommend someone use this technology for beefing up regular readers; not to 3 feet, but at least to get the readers working reliably at 1".

An even better reader design would be to have a cage around the reader that shields the card from most directions when it is presented.

Re:Three feet away... (1)

ebno-10db (1459097) | about a year ago | (#44373717)

At last year's BlackHat, a foil gum wrapper on one side of the badge was enough to block transmission.

Not surprising. You don't need a great shield to block RFID. What most people overlook is that RFID tags are passive - they get the power for operation from the receive signal itself. Therefore they need a much higher receive signal than even the cheapest radio. Your reader could have the most sensitive receiver in the world, but it won't help unless the tag is receiving enough power.

Re:Three feet away... (0)

Anonymous Coward | about a year ago | (#44371071)

One would assume that even if an owner of such RFID device frequented these crowded places, instead of, say, commuting by car, he wouldn't be willing to pull the thing out in such environments.

One would be wrong.

DC Metro SmarTrip cards [dcist.com] are an RFID device, as are many Federal Employee ID's [epic.org] . Many folks I see on the Metro keep both of them in a plastic sleeve or case on a lanyard hanging around their necks.

It would be very interesting to see what sort of data one could collect while riding the DC Metro.

Re:Three feet away... (1)

flux (5274) | about a year ago | (#44378077)

The option is to make the cards secure in a fashion that it doesn't matter if someone unauthorized gets to access them.
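
An added illustration of the design goal in the comment above (not part of the original thread and not any poster's code): a card that only ever emits a fixed ID is accepted again from one recorded read, while a card that answers a fresh reader challenge with a keyed MAC is not. The class names, the 5-byte ID, the key handling, and the use of HMAC-SHA256 are assumptions made for this sketch, not a description of any real badge product.

```python
import hashlib
import hmac
import secrets

ID_LEN = 5  # constructed: fixed ID length so "ID || MAC" splits unambiguously


class StaticIdCard:
    """Card with no secret: every read returns the same bytes."""

    def __init__(self, card_id):
        self.card_id = card_id

    def respond(self, challenge):
        return self.card_id  # challenge ignored, nothing to compute


class ChallengeResponseCard:
    """Card holding a key; its answer depends on the reader's fresh nonce."""

    def __init__(self, card_id, key):
        self.card_id = card_id
        self._key = key

    def respond(self, challenge):
        mac = hmac.new(self._key, self.card_id + challenge, hashlib.sha256)
        return self.card_id + mac.digest()


class RecordedResponse:
    """Stands in for anyone who saw one exchange and can only repeat it."""

    def __init__(self, captured):
        self.captured = captured

    def respond(self, challenge):
        return self.captured


class StaticIdReader:
    def __init__(self, allowed_ids):
        self.allowed = set(allowed_ids)

    def authenticate(self, card):
        return card.respond(b"") in self.allowed


class ChallengeResponseReader:
    def __init__(self, keys_by_id):
        self.keys_by_id = keys_by_id

    def authenticate(self, card):
        challenge = secrets.token_bytes(16)  # fresh for every attempt
        response = card.respond(challenge)
        card_id, mac = response[:ID_LEN], response[ID_LEN:]
        key = self.keys_by_id.get(card_id)
        if key is None:
            return False
        expected = hmac.new(key, card_id + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(mac, expected)


def run_demo():
    card_id = bytes.fromhex("0102030405")  # constructed sample ID
    key = secrets.token_bytes(32)          # per-card secret, never transmitted

    static_card = StaticIdCard(card_id)
    static_reader = StaticIdReader([card_id])
    seen_static = static_card.respond(b"")

    cr_card = ChallengeResponseCard(card_id, key)
    cr_reader = ChallengeResponseReader({card_id: key})
    seen_cr = cr_card.respond(secrets.token_bytes(16))  # one observed exchange

    return {
        "static_genuine": static_reader.authenticate(static_card),
        "static_recorded": static_reader.authenticate(RecordedResponse(seen_static)),
        "cr_genuine": cr_reader.authenticate(cr_card),
        "cr_recorded": cr_reader.authenticate(RecordedResponse(seen_cr)),
        "cr_bare_id": cr_reader.authenticate(RecordedResponse(seen_static)),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The recorded challenge-response answer is rejected because its MAC was computed over a different nonce; the secret key itself never crosses the air.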

Re:Three feet away... (1)

mythix (2589549) | about a year ago | (#44370501)

except it doesn't mention how long it takes to be hacked

Re:Three feet away... (1)

plover (150551) | about a year ago | (#44370749)

except it doesn't mention how long it takes to be hacked

It takes exactly as long as it takes to read it. There is no encryption or security on these cards, so once they're read, the attacker has enough data to create a working clone.

" *Beep* - clone's ready." Except for the part where the attacker doesn't put a beeper on his reader.

Re:Three feet away... (1)

intermodal (534361) | about a year ago | (#44370877)

Exactly. It takes no longer than reading the card does anywhere else. It's pretty much instant.

Re:Three feet away... (1)

Salgak1 (20136) | about a year ago | (#44370761)

Or build it into a wall-wart or power-strip in a high-traffic area. Like the break room, or the power strip the coffee machine is plugged into. Sort of a next-gen Pwnie Express [pwnieexpress.com] or PwrPwn [pwnieexpress.com] . . .

Re:Three feet away... (0)

Anonymous Coward | about a year ago | (#44380227)

Public transportation? Shame on you! Large personal vehicles only! Next you will be talking about "walking" whatever that is.

Re:Three feet away... (1)

intermodal (534361) | about a year ago | (#44380281)

Obviously walking is how you get from your large personal vehicle to your golf cart when you arrive at your destination.

Re:Three feet away... (1)

SJHillman (1966756) | about a year ago | (#44370361)

More than plenty of places in the US where you would be crowded shoulder to shoulder. Or just hang out next to the entrance to a building with your bag resting on a potted tree, bench, windowsill, etc that's right next to the door... keeps you out of three foot range while still enabling your bag to be within it. Just be on your cell phone and people probably won't accuse you of loitering.

Re:Three feet away... (1)

TFlan91 (2615727) | about a year ago | (#44370677)

Not after what happened in Boston will an unattended bag in a public space be acceptable. At least in any major metropolitan area.

The real winner will be someone who has the authority to stand there or the ability to blend into a crowded area. I would be security, maintenance, work the register, greeter at wal-mart, whatever; become a part of the building you're scalping from so your unattended bag can be hidden and no one will say "OMG BOMB"

Re:Three feet away... (1)

SJHillman (1966756) | about a year ago | (#44370725)

By "hang out next to the entrance", I meant stay with your bag, to avoid someone stealing it as much as someone suspecting a bomb. It's pretty common for people to put their bag next to them while they stand waiting or talking on the phone. That way, your bag can be several feet closer to the target area than if you were wearing it, still without arousing suspicion.

Re:Three feet away... (1)

plover (150551) | about a year ago | (#44370809)

As he said, you could stand there by the door on your cell phone, with your back (and backpack) to the door, and nobody would question you.

If you're shy, you could put the circuit in a plastic electrical box along with a battery pack, put a big wheelchair button on the face of it, and use double sided tape to stick the box next to the door reader. Then tape an "out of order" sign over it. Our world is filled with innocuous devices that don't scream "OMG BOMB".

And I'm not a professional social engineer. I'm sure those guys are a lot more creative than I am.

Re:Three feet away... (2)

cusco (717999) | about a year ago | (#44371525)

Baloney. Co-worker left his backpack on the train the other day, he waited until the train turned around and came back and the backpack was still shoved under the seat where he left it.

Re:Three feet away... (2)

pixelpusher220 (529617) | about a year ago | (#44371771)

There's a big difference between a backpack left next to a wall on an open floor near a door and one stuffed under a seat in a small space with confined viewing angles.

Not to say the former would be noticed, but it's a lot more likely. It's much more probable that nobody actually noticed your friend's bag, rather than noticed it and ignored it.

Re:Three feet away... (0)

Anonymous Coward | about a year ago | (#44373447)

Not after what happened in Boston will an unattended bag in a public space be acceptable.

Bah. You don't use a backpack. You use something that looks like it belongs there. A flowerpot, a garbage bin, a mailbox. Or one of the locked boxes that telcos and electricity companies like to put up anywhere.

Oh, and if you want to bomb - put the bomb in a garbage bin. Nobody suspects anything, and free extra shrapnel . . .

Re:Three feet away... (1)

pellik (193063) | about a year ago | (#44375427)

The old phreaking practice would work well here. Just spray-paint some tupperware tan and use some double stick tape to attach it to the wall near the card reader you are targeting and put your device in it. Painted boxes attached to walls are practically invisible.

Re:Three feet away... (0)

Anonymous Coward | about a year ago | (#44370387)

You never taken PATH train or Subway in NYC have you? This would totally work, time to buy stock in lead wallets.

Re:Three feet away... (1)

plover (150551) | about a year ago | (#44370875)

You never taken PATH train or Subway in NYC have you? This would totally work, time to buy stock in lead wallets.

Lead wallets? The cards aren't read with X-rays! Aluminum foil works fine to block the RF emissions.

Re:Three feet away... (0)

daem0n1x (748565) | about a year ago | (#44370541)

I think this is absurd. Why would anyone wear RFID tags on their feet? And who has three feet, anyway?

Re:Three feet away... (0)

pixelpusher220 (529617) | about a year ago | (#44370893)

polite golf clap ;-)

Re:Three feet away... (1)

pixelpusher220 (529617) | about a year ago | (#44377711)

Troll? seriously, it's called 'humor' just wow

Re:Three feet away... (1)

Crudely_Indecent (739699) | about a year ago | (#44371335)

How many buildings in the USA have an ashtray/can next to their entrance? What about a potted plant (real or fake)? Walk across a raised computer floor recently?

There are a ton of places this technology could hide within 3 feet of a purse/wallet.

Is something wrong with your imagination?

Long range (1)

mythix (2589549) | about a year ago | (#44370367)

I wouldn't necessarily qualify three feet as long range.

But this could still pose a danger to the upcoming mass RFID use...

Re:Long range (2)

SJHillman (1966756) | about a year ago | (#44370435)

"Long" is a relative term. When going from a few centimeters to a meter, that's an increase of 20 or thirty times.
A rifle is long range compared to a pistol. A mortar is long range compared to a rifle. A cruise missile is long range compared to a mortar.

Sounds legit (1)

mythix (2589549) | about a year ago | (#44370375)

he's had 100 percent success rates in testing the device

a 100% success rate between 2 failed attempts

Woo-hoo 3 feet!!! (1, Insightful)

OzPeter (195038) | about a year ago | (#44370463)

You can buy commercial products that can read RFID tags from a lot further away. 5 seconds on google and I found long range passive rfid reader for vehicle management [alibaba.com] that claims 8 to 15 metres.

I suspect that some researchers really don't have a clue as to what state of the art is.

Plus when it comes to reading things via radio waves the most important thing is the antenna and not the computer connected to it. So saying "Plus it's built using an Arduino." is getting almost as bad as patents that are ".. using a computer!!!!!!!!!!"

Re:Woo-hoo 3 feet!!! (4, Informative)

Umuri (897961) | about a year ago | (#44370555)

You do realize the difference between low frequency and high frequency RFID right?
Allow me to answer in Haiku:

What you found yells loud,
while this new device can hear,
barely a whisper

Re:Woo-hoo 3 feet!!! (1)

zAPPzAPP (1207370) | about a year ago | (#44372275)

I have developed RFID reader applications for the 4102 (125khz) chips and we could read them easily from 3-5 metres.
Provided we used the right antenna (directional) and maxed the power output of course.

Such a setup might be too big for disguised hacking.

Still, a lot more than 'a few centimeters' should be no problem at all. Given the goal of hacking someone from afar, these previous 'hackers' have failed pretty hard if that's all they got.

Re:Woo-hoo 3 feet!!! (0)

Anonymous Coward | about a year ago | (#44375133)

Magnetic component or electric?

Re:Woo-hoo 3 feet!!! (3, Informative)

SJHillman (1966756) | about a year ago | (#44370557)

I believe it has to do with frequency. He's looking at the 125KHz range, which Wikipedia lists a range of about 10cm. The link you posted is for 860-928MHz, which Wikipedia lists as having a range of up to 12 meters.

http://en.wikipedia.org/wiki/Radio-frequency_identification#Frequencies [wikipedia.org]

Re:Woo-hoo 3 feet!!! (1)

zAPPzAPP (1207370) | about a year ago | (#44372355)

The 125khz chips can be read from several metres if you use the right setup.

It's just usually not the desired. Applications based on these chips often use the limited range to do more selective readings.
Say you want to read ONLY the tag on a single item in a stack and not pick up the other tags close by.

Re: Woo-hoo 3 feet!!! (1)

niftydude (1745144) | about a year ago | (#44370613)

The link you supplied is for a UHF (~900 MHz) RFID reader. The researcher is presenting a device for a low freq (125 kHz) RFID reader.

I agree specifying that it uses an arduino is a bit redundant.

May I recommend... (1)

RevWaldo (1186281) | about a year ago | (#44370475)

http://www.muji.us/store/aluminum-card-case-thick.html [www.muji.us]

It blocks your cards from being read, fits nicely in your shirt pocket, and durable and stylish ta boot.

.

Re:May I recommend... (1)

realityimpaired (1668397) | about a year ago | (#44371299)

You could also just ask your bank to give you cards that don't have RFID in them... My bank gave me no argument or pushback at all when I asked them to do that.

Re:May I recommend... (1)

minstrelmike (1602771) | about a year ago | (#44371377)

You could also just ask your bank to give you cards that don't have RFID in them... My bank gave me no argument or pushback at all when I asked them to do that.

Did you 'see' them take away the RFID?
Just made me laugh, like the NSA providing a little checkbox if you want your name taken off the surveillance list (when it actually promotes your name on the list).

Re:May I recommend... (2)

plover (150551) | about a year ago | (#44371543)

You can tell an RFID enabled card pretty easily. It's not kept secret. Your first clue should be the printing of the distinctive "radiating four parentheses" logo that advertises "RFID within".

Second, if you have a card that you might suspect has RFID in it, but you're not sure, look carefully at the surface of the card, particularly the reflections of light on the smooth surfaces. If the card has an embedded chip, it's often visible as a small (5mm, 3/16") squarish dimple, either on the back or the front of the card. Sometimes the dimple is parallel to the edges of the card, but some HID cards have the chip set at a 45 degree angle in a corner of the card. HID cards also commonly have their ID number printed along an edge with a dot matrix printer.

Usually, though, it's not a mystery. The banks or the issuers put the RFID chip in the card because they intend for you to use it, not because they like to spend money on secret chips you won't use.

Re:May I recommend... (0)

Anonymous Coward | about a year ago | (#44374319)

*pretty easily*
This WOULD BE true,
but that would be in the unlikely case that banksters, multinational corporatecrooks, and their spooky butt-buddies (mossad/cia/nsa) were acting ethically and responsibly.......

Bill Gates might have dreamed about breaking the nuclear-fuel-cycle racket, but that`s like saying that George W Bush was pimping the Seven Sisters.....

dream on you flirt!

A good flashlight does wonders too (1)

freaker_TuC (7632) | about a year ago | (#44379595)

Just light the back of the card up and you'll see the rfid antenna and chip. Sunlight might do the job if the card is thin enough.

Re:May I recommend... (0)

Anonymous Coward | about a year ago | (#44373499)

Get your own reader and try. Easy enough now that an arduino is all we need . . .

Re:May I recommend... (1)

cusco (717999) | about a year ago | (#44371575)

I told Chase that I didn't want the RFID on my replacement bank card. They sent the new card along with a nice pamphlet about how useful and convenient the included RFID was. I found that 3 seconds in the microwave will kill the chip, but 5 seconds will warp the card. The replacement for the replacement didn't have the chip. (Then they started charging for the "lifelong free checking" and we finally moved all our accounts to the credit union.)

Re:May I recommend... (1)

realityimpaired (1668397) | about a year ago | (#44371829)

I told Chase that I didn't want the RFID on my replacement bank card. They sent the new card along with a nice pamphlet about how useful and convenient the included RFID was.

*shrugs* you need a new bank. I would have closed my account and gone to another bank if that was their response.

(Then they started charging for the "lifelong free checking" and we finally moved all our accounts to the credit union.)

I also would have cancelled my account over that.

By Design? (0)

Anonymous Coward | about a year ago | (#44370485)

How convenient....

RFID Proof Wallets? (1)

jjp9999 (2180664) | about a year ago | (#44370511)

I'm wondering now if it's time to buy an RFID proof wallet. Anyone have experience with them? Do they work?

Re:RFID Proof Wallets? (2)

SJHillman (1966756) | about a year ago | (#44370615)

I don't think you want an RFID-proof wallet so much as a radio frequency blocking wallet. An RFID-proof wallet would just be silly, because then where would you keep your RFIDs?

Re:RFID Proof Wallets? (1)

Em Adespoton (792954) | about a year ago | (#44371021)

I don't think you want an RFID-proof wallet so much as a radio frequency blocking wallet. An RFID-proof wallet would just be silly, because then where would you keep your RFIDs?

What proof-level is RFID rated at anyway? American products are usually low-proof, so an American RFID-proof wallet likely wouldn't provide the kick you'd get from a German RFID-proof wallet.

Re:RFID Proof Wallets? (0)

Anonymous Coward | about a year ago | (#44371893)

I bought one a while back. It definitely keeps my train pass from working in the turnstiles at the station. I have to physically remove it from my wallet before I can get through.

Re:RFID Proof Wallets? (1)

nogginthenog (582552) | about a year ago | (#44372875)

Just put 2 RFID cards in the same wallet and you're guaranteed they will not work. Yes, I'm looking at you London Oyster card.

This is already in the wild... (2)

Phixxr (794883) | about a year ago | (#44371089)

According to a relative of mine in law enforcement this attack is already in play in several major cities. Generally targeting Apple stores as the cards that are collected are more-likely to have higher limits and available balances. The CC thief generally stands at the entrance to the store with a backpack, and is automatically uploading card details to a central host. Those details are then written to blank cards and used in Casinos in Las Vegas within a matter of hours.

Re:This is already in the wild... (0)

Anonymous Coward | about a year ago | (#44371303)

Tell him he's clueless, as credit cards don't use this technology. Much more likely that someone working at the store is skimming the cards. NFC is pretty hard to extend the range of.

What. No Raspberry Pi! (0)

Anonymous Coward | about a year ago | (#44371173)

"Plus it's built using an Arduino." Not news worthy until it's on the pi!

Will be more interesting with NFC... (1)

tlhIngan (30335) | about a year ago | (#44371399)

Once this applies to NFC, things will get interesting as just reading NFC gets you the track2 information of a credit card.

Or take two smartphones and "pay" using the smartphone while you bill it to someone else without having to bump them. (NFC proxy).

Does it go through this? (0)

Anonymous Coward | about a year ago | (#44371603)

Does it work through the RFID Blocking Wallet [thinkgeek.com] ?

This is awesome (2)

zero0ne (1309517) | about a year ago | (#44372559)

125KHz is the same freq. that they use in the little rfid pills they inject to your pets...

I'd love to be able to track / control my pets around the house with this

- Sick cat? only give it access to one of the litter boxes.
- Cat with different dietary requirements? Give them each their own bowl that are 5+ feet away from each other and have it with a door / retractable cover.
- Outdoor cat? Have the cat door unlock when it gets close to it, but only for that one cat.

Re:This is awesome (0)

Anonymous Coward | about a year ago | (#44375249)

Or, better yet:

Outdoor cat? Keep it inside so it stops contributing to the songbird apocalypse.

Re:This is awesome (1)

pellik (193063) | about a year ago | (#44375453)

Why stop with pets? Have a favorite employee? Favorite child?

Re:This is awesome (0)

Anonymous Coward | about a year ago | (#44375525)

2050 Starbucks/McDonalds will know exactly how much time each employee spends at their assigned station

Re:This is awesome (0)

Anonymous Coward | about a year ago | (#44382789)

Favorite slave^Wcitizen?

Re:This is awesome (0)

Anonymous Coward | about a year ago | (#44378969)

The problem is failure. What happens if one of the readers breaks down and stops your cat from using a litter box? or eating? or traps them outside in the cold?

There's going to be a lot of bugs when trying to implement something like this and your cat will suffer for every one.

I personally love the idea of RFID, but I really think it shouldn't be used in cases where failure can cause suffering or damage.

Good = RFID controlled lighting. When you walk into the room, the light turns on.
Bad = RFID controlled fire hoses which only allow firefighters to access it.
