Re: Radio Signal Pent test (RFID)

From: Byron Sonne (blsonne@rogers.com)
Date: Sat Dec 17 2005 - 13:28:35 EST

• Next message: Thor (Hammer of God): "Re: SQL Injection - SQL query comments"
• Previous message: Keith: "Microsoft Special Deals"
• In reply to: Josh Perrymon: "RE: Radio Signal Pent test (RFID)"
• Next in thread: toe ...: "Re: Radio Signal Pent test (RFID)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> I'm looking at how far RFID can be sniffed...

I doubt it's going to be sniffable very far. All of the RFID stuff I've
seen works much like proximity readers for the swipe cards that I use to
get into the building at work.

The tags, much like the prox cards, first have to be energized by the
reader themselves, and generally only exchange information under
distances of half a metre or so, usually less. The energizing takes
place on one frequency, and the transmission back from the tag/card
takes place on another (usually higher?) frequency. Think about it: if
all these tags were live and transmitting the whole time, I don't care
if it's spread spectrum or not, you're talking about potentially
hundreds of thousands of items spitting out data. That would be rather
hard to manage.

There is of course larger more powerful units, like toll highway
transponders for cars/trucks. or the ones used on trains and freight
cars. But those are still designed for rather short distances.

This isn't 802.11 or bluetooth, I don't think you'll be able to sit in a
parking lot outside and read the inventory with a hacked up antenna.
Unless you have some crazy kind of technology or something, in which
case, I want in on it :)

Cheers,
Byron

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Thor (Hammer of God): "Re: SQL Injection - SQL query comments"
• Previous message: Keith: "Microsoft Special Deals"
• In reply to: Josh Perrymon: "RE: Radio Signal Pent test (RFID)"
• Next in thread: toe ...: "Re: Radio Signal Pent test (RFID)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:17 EDT