Re: RFID Tags

From: Rogan Dawes (discard@dawes.za.net)
Date: Tue May 11 2004 - 02:42:26 EDT


Since the tag basically just transmits whatever is programmed into it
when interrogated, I see no reason that someone should not be able to
create a "programmable" RFID tag emulator, that simply broadcasts
whatever that person wants it to when interrogated.

For example, picture a standard RFID chip, with basic components such as
an antenna, a tiny CPU, and some memory (ROM, EPROM, EEPROM, FLASH,
whatever).

When the tag is interrogated, the CPU reads whatever is in the memory,
and broadcasts it out.

How difficult can it be to have an alternate way of programming that memory?

At this point in time, I don't think that RFID tags are using any
encryption (i.e. transforming a challenge broadcast to it in some way),
which means that it should be trivial to snoop on a response, or
interrogate the tag yourself, and copy it into your programmable tag.

So, yes, I would say that they can be copied/faked.

I would also be inclined to believe that, once changed, it would not be
possible to read what the original data was, DEPENDING on the nature of
the underlying media. For instance, if you are using a WORM type of
memory, that marks previously used positions as invalid, but does not
overwrite them, with the right tools, you should be able to get at that
previous data. I doubt that too many tags would be using this kind of
scheme, but it could be worth investigating for a forensics case . . .

Regards,

Rogan

James Hester wrote:

> Tim,
> That depends on what tag you are going to use. The Class I tag has 96 bits
> of memory that can be programmed. There are some types of tags that have the
> ability to password protect the memory, but when you do things like that it
> drives the price up. The tags can be written, but I doubt you will be able
> to pull the original data off once it's erased since it's stored on the
> tag's chip.
>
> Jay
>
> -----Original Message-----
> From: Timothy Marshall [mailto:tim@labmonkey.me.uk]
> Sent: Monday, May 10, 2004 6:05 AM
> To: pen-test@securityfocus.com
> Subject: RFID Tags
>
>
> Hi,
>
> Does anyone have information / experience on how secure these tags are? Can
> the data they store be changed in any way? Can they be copied / faked? If
> they are changed can the original information still be read?
>
> Cheers
>
> Tim
>

-- 
Rogan Dawes
*ALL* messages to discard@dawes.za.net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
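
The point made in the message above about tags that do not transform a challenge, as an added example that is not part of the original thread: a small Python simulation comparing a static 96-bit tag with a hypothetical keyed challenge-response tag. The class names, the HMAC construction, the key and the tag ID are all constructed for illustration and do not describe any real tag standard.

```python
import hashlib
import hmac
import secrets

TAG_ID = bytes.fromhex("3000112233445566778899aa")  # constructed 96-bit ID
KEY = secrets.token_bytes(16)  # secret shared by reader and genuine tag


class StaticTag:
    """Returns its programmed memory on every interrogation."""
    def __init__(self, memory: bytes):
        self.memory = memory

    def respond(self, challenge: bytes) -> bytes:
        return self.memory  # the challenge is ignored


class ChallengeResponseTag:
    """Hypothetical tag that transforms the reader's challenge with a key."""
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self.key = tag_id, key

    def respond(self, challenge: bytes) -> bytes:
        mac = hmac.new(self.key, self.tag_id + challenge, hashlib.sha256).digest()
        return self.tag_id + mac


def reader_accepts_static(tag) -> bool:
    return tag.respond(b"") == TAG_ID


def reader_accepts_cr(tag) -> bool:
    challenge = secrets.token_bytes(16)  # fresh nonce per interrogation
    reply = tag.respond(challenge)
    tag_id, mac = reply[:12], reply[12:]
    expected = hmac.new(KEY, tag_id + challenge, hashlib.sha256).digest()
    return tag_id == TAG_ID and hmac.compare_digest(mac, expected)


def run_demo() -> dict:
    static, keyed = StaticTag(TAG_ID), ChallengeResponseTag(TAG_ID, KEY)
    # A copy holds only bytes observed in one earlier exchange, never the key.
    static_copy = StaticTag(static.respond(b""))
    keyed_copy = StaticTag(keyed.respond(secrets.token_bytes(16)))
    return {
        "static_genuine": reader_accepts_static(static),
        "static_copy": reader_accepts_static(static_copy),
        "keyed_genuine": reader_accepts_cr(keyed),
        "keyed_copy": reader_accepts_cr(keyed_copy),
    }
```

A reader that only compares the returned bits cannot tell the copy from the original; a reader that issues a fresh challenge and checks a keyed response rejects the recorded reply.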


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:53 EDT