2. Agenda
● RFID overview && Security
● RFID Research devices (PM3; ACR112..)
● Real world scenarios analyze (LF,HF,NFC)
● Conclusion && Tips of how to protect our privacy
4. RFID Overview
●
Tag types: Various sizes and shapes e.g. Keyring; Credit-Card
●
Tag types: Active (Battery) and Passive (No internal Power Source)
5. RFID Security
●
HID Proxcard2 found mostly on Access control system. Come with no
authentication, encryption, or any other real security mechanism. Just
plain-text.
●
The most popular RFID Card types (Mifare Ultralight; Mifare Classic; DESFire).
Use ISO 14443A & operating on 13.56mhz. In the year 2007, Researchers
found weakness of Mifare classic protocol. And managed to crack the Crypto1.
●
NFC Credit cards support EMV-style contact-less payment. EMV stands for
EuroPay, Master-card, Visa, which is a global standard for bank smart cards.
●
The core of the EMV protocol is based on the transmission of Application
Protocol Data Units (APDUs). Most of the APDUs sent between the two devices,
are transmitted in plain-text. Cryptographic security is only employed in the
authorization phases of a transaction.
6. RFID toolkit: Swiss knife Proxmark3
The Proxmark III is the most powerful open source device available
for performing RFID research.
Can be use for reading; Sniff and emulate High and low frequency
tags, almost behind every RFID research projects.
8. RFID toolkit: ACR112
●
Touchatag Reader (PN532 Chipset)
●
RFIDiot: python library for reading/writing/ RFID cards
●
LIBNFC libnfc is a library for communicating with ISO14443
RFID tags. libnfc works with NXP PN53x series chipsets
14. Conclusion
● HID Proxcard2 card – Not secure at all !!!
● NFC Credit cards – Be Paranoid when using them !!!
● MIFARE Classic – Use for public payment is a very bad idea !!!
15. Hack for Fun with RFID
● www.libnfc.org
● www.proxmark.org
● chaos-lab.blogspot.ca
● Kevin2600@gmail.com
● Any Ideas; Projects; Job offers are welcome :)