Re: Radio Signal Pent test (RFID)

From: toe ... (tt.oo.ee@gmail.com)
Date: Mon Dec 26 2005 - 19:32:32 EST

• Next message: Matt: "Get Víagra Onlíne = Be A Sexual Superstar!"
• Previous message: Wray, Donald W: "RE: 3rd party vuln assesment firms"
• In reply to: Josh Perrymon: "RE: Radio Signal Pent test (RFID)"
• Next in thread: Toufeeq Hussain: "Re: Radio Signal Pent test (RFID)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

A RFID Denial of Service was proven at Defcon this year.
http://fromtheshadows.tv/ Has a short movie of the guys presenting
this (box 6.0).

-toe

On 12/16/05, Josh Perrymon <perrymonj@networkarmor.com> wrote:
> I'm doing a lot of research and looking into RFID pen-testing.
>
> My ideas would be to look at the RFID system as a whole not just the tags... GEN2 has some security features built in but I'm not sure how many people use it.. It was developed by a vendor and of course they push their hardware ..
>
> I'm looking at how far RFID can be sniffed... then are the tags writable?
>
> Could you sit in the parking lot and grab the inventory? Could you enter Wal-*** and write prices to the tags?
>
> What about the wireless backend to send the data from the RFID sensors to the DB or inventory software? What about the Software itself..???
>
> J Perrymon
>
> -----Original Message-----
> From: arif.jatmoko@sea.ccamatil.com [mailto:arif.jatmoko@sea.ccamatil.com]
> Sent: Thursday, December 15, 2005 2:53 AM
> To: Louie
> Cc: pen-test@securityfocus.com
> Subject: Re: Radio Signal Pent test (RFID)
>
>
>
>
> Pen-test against RFID is not targeted to excryption or data transmission,
> but primarily is information stored inside the tags itself. You could try
> www.rfdump.org.
> However some research proven that RFID transmitted data also can be
> decrypted. But I think this could be different among products
> implementation.
>
> Arif Jatmoko
>
> |+----------------------------+-------------------------------------------|
> || "Louie" | |
> || <bklow@tahaninsurance.com| To: |
> || > | <pen-test@securityfocus.com> |
> || | cc: (bcc: Arif |
> || 12/15/2005 08:07 AM | Jatmoko/IDN/SEA/CCA) |
> || | Subject: Radio Signal |
> || | Pent test (RFID) |
> || | |
> |+----------------------------+-------------------------------------------|
>
>
>
>
>
>
> Dear all,
> I would like to ask if some has done radio signal pen test
> (RFID), what are the tools used. Thanks
>
> Regards,
>
> Louie
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Matt: "Get Víagra Onlíne = Be A Sexual Superstar!"
• Previous message: Wray, Donald W: "RE: 3rd party vuln assesment firms"
• In reply to: Josh Perrymon: "RE: Radio Signal Pent test (RFID)"
• Next in thread: Toufeeq Hussain: "Re: Radio Signal Pent test (RFID)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:17 EDT