Wednesday, 29 July 2015

RFID Technology


Most geeks and cyberpunks will be familiar with what RFID technology is, its uses and its vulnerabilities. For those who are new to this field:

Radio-frequency identification (RFID) is the wireless use of electromagnetic fields to transfer data, for the purposes of automatically identifying and tracking tags attached to objects. The tags contain electronically stored information. 

For more details, you can read about it on Wikipedia.

The magnetic strip credit cards which we use in our day-to-day life also make use of RFID technology. We could not say it is totally insecure. It could be made secure by:
i) Buying a wallet with a metal finish, which doesn't allow radio waves to enter
ii) Wrapping the card in aluminium foil, which you can get cheaply in the market

There are RFID readers available in the market. When you type RFID into Amazon, you get more than 200 results, in which you will find different types of readers with different prices, sizes and applications. The range of some cards also differs. RFID readers come with their own limitations, but if you are a good programmer and have sound knowledge of technology and hardware, you could modify one to make the reader do illegal work for you.

Technology is like a double-edged knife: you could use it to create and you could also use it to destroy.

There are even ways to destroy your RFID chip (if required). Keep the chip in a microwave oven for at least 5 sec, or you could also beat it with a hammer.

Now let's come to the hacking part. We are not going to use any software for that, but you gotta buy a special piece of hardware for $10. The name of the special hardware is BLEkey. Today two researchers have found a way to exploit the vulnerability in the RFID communication protocol, so that an RFID card could be easily cloned.

Mark Baseggio from security firm Accuvant and Eric Evenchick from Faraday Future, who developed BLEkey, are going to present their findings at next week's Black Hat security conference in Las Vegas, where the duo will also distribute the first 200 BLEkeys for just $10 each.

The idea behind BLEkey is to raise awareness of technologies such as HID proximity cards, the access cards used by the majority of offices and buildings all over the world, as well as to show that the Wiegand protocol is inherently outdated and shouldn't be used anymore.

According to the researchers, BLEkey can be installed in less than two minutes and is capable of storing data from more than 1,500 RFID cards, which can then be downloaded to a mobile phone via Bluetooth to clone the cards.

BLEkey Functionalities

Now, these cloned cards can be used by hackers to gain physical access to sensitive areas, like a data center or check printing room.

The tiny device also offers some unique functionality, such as disabling the card reader for two minutes after the intruder opens a door using a cloned card.

Researchers estimate that around 80 percent of office buildings still use vulnerable RFID readers for physical access control.

While businesses replace these vulnerable systems with more secure technologies, Baseggio suggested that buildings:

· Enable tamper switches to detect if someone has messed with the card readers
· Install a camera on the card readers to capture a photograph of an intruder

These are just temporary solutions that could make it possible to see who used a cloned card, although they do not solve the root issue.
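
One way to act on the tamper-switch and camera advice above, as an added example that is not part of the original post: it walks an access-control event log and lists every door grant made on a reader between a tamper alarm and that reader's next inspection, so those grants can be checked against camera footage. The log format, event names and reader names are constructed for illustration, and the log is assumed to be in time order.

```python
from datetime import datetime

# Constructed sample log; the "timestamp reader=.. event=.." format is an assumption.
SAMPLE_LOG = """\
2015-07-29T08:55:00 reader=lobby event=GRANT card=1001
2015-07-29T09:00:05 reader=lobby event=TAMPER
2015-07-29T09:03:10 reader=lobby event=GRANT card=1002
2015-07-29T09:04:00 reader=dock event=GRANT card=1003
2015-07-29T21:40:00 reader=lobby event=GRANT card=1002
2015-07-29T22:00:00 reader=lobby event=INSPECTED
2015-07-29T22:05:00 reader=lobby event=GRANT card=1004
"""

def parse_line(line):
    """Split one log line into (timestamp, dict of key=value fields)."""
    stamp, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(stamp), fields

def review_after_tamper(log_text):
    """Return grants made on a reader between a TAMPER event and the next
    INSPECTED event. Each one should be checked against camera footage."""
    tampered_since = {}  # reader -> time its tamper switch first fired
    suspects = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, fields = parse_line(line)
        reader, event = fields["reader"], fields["event"]
        if event == "TAMPER":
            tampered_since.setdefault(reader, when)
        elif event == "INSPECTED":
            # Reader was physically checked; stop flagging its grants.
            tampered_since.pop(reader, None)
        elif event == "GRANT" and reader in tampered_since:
            suspects.append((when.isoformat(), reader, fields["card"]))
    return suspects

def exposed_cards(suspects):
    """Cards presented at a tampered reader; treat their numbers as captured."""
    return sorted({card for _, _, card in suspects})

if __name__ == "__main__":
    flagged = review_after_tamper(SAMPLE_LOG)
    for when, reader, card in flagged:
        print(f"review camera footage: {when} reader={reader} card={card}")
    print("re-issue:", exposed_cards(flagged))
```

Grants on other readers and grants after the inspection are left alone, so the review list stays limited to the window in which the reader's wiring could have been altered.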

The duo will release the hardware design and source code of BLEkey online after their talk in Las Vegas next week. Their findings not only raise awareness among security professionals but also inspire manufacturers to develop more secure technology.