Re: RFID Tags

From: c3rb3r (c3rb3r@sympatico.ca)
Date: Tue May 25 2004 - 01:18:18 EDT

• Next message: Thomas Biege: "Call for Participation Workshop DIMVA 2004"
• Previous message: Thor: "Re: enumeration of SQL column names failed when a column is of type "bit""
• In reply to: lsi: "RE: RFID Tags"
• Next in thread: c0ncept: "Re: RFID Tags"
• Reply: c0ncept: "Re: RFID Tags"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

There are already in-use security applications for RFID,
for instance HID is selling access keys/cards/readers/programmers to
identify enployees and control access to buildings/offices.
it would be interresting to see how easy it is to duplicate an existing
key and thus to impersonate an employee, one for instance may
stand near the door with a reader in the pocket and harvests keys, then
later duplicates keys at home with a programmer.
I have seen no pocket readers so far but would it be such a pain for an
electronic enthusiast to build one ? also programmer and keys are
inexpensive and quite accessible for the public.
i don 't see any reference either to encryption in HID products
documentations, just different data formats needed to be compliant
with several card models.
This looks rather like data encoding than data encryption.
I m aware of many buildings around there already using this vendor
techno so i 'm wondering if such a replay attack is realistic ?
If so it is a very serious issue, has anybody already some experience in
this area ?
cheers
Gregory

some references:
foxpro key:
http://www.hidcorp.com/products/proximityproducts/proxkey2.html

programmer:
http://www.hidcorp.com/products/proximityproducts/proxprogrammer.html
 

>
>

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: Thomas Biege: "Call for Participation Workshop DIMVA 2004"
• Previous message: Thor: "Re: enumeration of SQL column names failed when a column is of type "bit""
• In reply to: lsi: "RE: RFID Tags"
• Next in thread: c0ncept: "Re: RFID Tags"
• Reply: c0ncept: "Re: RFID Tags"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:54 EDT