Is RFID secure?

After reading Wired's article entitled "The RFID Hacking Underground," I don't believe so.

"I just need to bump into James and get my hand within a few inches of him," Westhues says. We're shivering in the early spring air outside the offices of Sandstorm, the Internet security company Van Bokkelen runs north of Boston. As Van Bokkelen approaches from the parking lot, Westhues brushes past him. A coil of copper wire flashes briefly in Westhues' palm, then disappears.

Van Bokkelen enters the building, and Westhues returns to me. "Let's see if I've got his keys," he says, meaning the signal from Van Bokkelen's smartcard badge. The card contains an RFID sensor chip, which emits a short burst of radio waves when activated by the reader next to Sandstorm's door. If the signal translates into an authorized ID number, the door unlocks.

The coil in Westhues' hand is the antenna for the wallet-sized device he calls a cloner, which is currently shoved up his sleeve. The cloner can elicit, record, and mimic signals from smartcard RFID chips. Westhues takes out the device and, using a USB cable, connects it to his laptop and downloads the data from Van Bokkelen's card for processing. Then, satisfied that he has retrieved the code, Westhues switches the cloner from Record mode to Emit. We head to the locked door.

"Want me to let you in?" Westhues asks. I nod.

He waves the cloner's antenna in front of a black box attached to the wall. The single red LED blinks green. The lock clicks. We walk in and find Van Bokkelen waiting.

I can envision a less-than-scrupulous co-worker using this type of theft to cover up their whereabouts in a secure facility. Think about it: it would be very easy to clone the card of a person who has uber access to the facility and then use that card to get into places that are usually off limits. Or worse, you could use the card to access the building at night, when there is very little if any security, and pilfer anything not locked down. A person could have a nice little business going while throwing suspicion on some poor schmuck whose card he scanned.

The other scenarios talked about in the article are even more disturbing. Imagine a government using the RFIDs in your E-ZPass to keep tabs on everywhere you go without your knowledge. Scary!
