Meetup -- RFID

1,138 views

Published on

Meetup -- RFID for http://www.meetup.com/IOToronto

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,138
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
18
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Meetup -- RFID

  1. 1. Hack for Fun with RFID Kevin2600
  2. 2. Agenda● RFID overview && Security● RFID Research devices (PM3; ACR112..)● Real world scenarios analyze (LF,HF,NFC)● Conclusion && Tips of how to protect our privacy
  3. 3. RFID is everywhere
  4. 4. RFID Overview● Tag types: Various sizes and shapes e.g. Keyring; Credit-Card● Tag types: Active (Battery) and Passive (No internal Power Source)
  5. 5. RFID Security● HID Proxcard2 found mostly on Access control system. Come with no authentication, encryption, or any other real security mechanism. Just plain-text.● The most popular RFID Card types (Mifare Ultralight; Mifare Classic; DESFire). Use ISO 14443A & operating on 13.56mhz. In the year 2007, Researchers found weakness of Mifare classic protocol. And managed to crack the Crypto1.● NFC Credit cards support EMV-style contact-less payment. EMV stands for EuroPay, Master-card, Visa, which is a global standard for bank smart cards.● The core of the EMV protocol is based on the transmission of Application Protocol Data Units (APDUs). Most of the APDUs sent between the two devices, are transmitted in plain-text. Cryptographic security is only employed in the authorization phases of a transaction.
  6. 6. RFID toolkit: Swiss knife Proxmark3The Proxmark III is the most powerful open source device availablefor performing RFID research.Can be use for reading; Sniff and emulate High and low frequencytags, almost behind every RFID research projects.
  7. 7. Live demo (PM3 Sniffing)
  8. 8. RFID toolkit: ACR112● Touchatag Reader (PN532 Chipset)● RFIDiot: python library for reading/writing/ RFID cards● LIBNFC libnfc is a library for communicating with ISO14443 RFID tags. libnfc works with NXP PN53x series chipsets
  9. 9. Live demo (Crack Mifare1)
  10. 10. RAW DATA Analysis
  11. 11. Video demo (College ID) (http://youtu.be/E-nk4Jrm-gA)
  12. 12. Video demo (Payment) (http://youtu.be/5WvdebLIKL0)
  13. 13. Live demo (CIBC Credit card)
  14. 14. Conclusion● HID Proxcard2 card – Not secure at all !!!● NFC Credit cards – Be Paranoid when using them !!!● MIFARE Classic – Use for public payment is a very bad idea !!!
  15. 15. Hack for Fun with RFID● www.libnfc.org● www.proxmark.org● chaos-lab.blogspot.ca● Kevin2600@gmail.com● Any Ideas; Projects; Job offers are welcome :)

×