The document discusses Near Field Communication (NFC) technology and security issues related to NFC-based ticketing systems. It provides an overview of common NFC card standards like MIFARE Classic and Ultralight and describes vulnerabilities that have been found in their cryptographic protections. The document outlines a reference architecture for modern ticketing systems and examines security weaknesses in each component. It then introduces several tools that can be used to evaluate such systems, including the HydraNFC, Proxmark3, and the NFCulT Android app created by Opposing Force. Attack techniques like lock, time and replay attacks are explained as ways to exploit NFC tickets and bypass validation mechanisms.
Opposing Force research presentation on Smart Cities security and Smart Mobility technologies penetration testing (DEF CON 24 | HITB GSEC Singapore 2016)
The document outlines an electronic access control workshop focusing on attacking NFC and RF-based systems. It discusses the history and components of access control systems, including tokens, readers, controllers and backends. Specific NFC card technologies like MIFARE Classic, MIFARE Ultralight and HID iClass are examined, noting many have been broken or have shared encryption keys. The document then proposes a methodology for penetration testing NFC access systems and reviews tools like HydraNFC, ProxMark3 and ChameleonMini that can emulate NFC cards or sniff RF transmissions.
Do you know how many Bluetooth-enabled devices are currently present in the world? With the arrival of the IoT (Internet of Things) and Smart Bluetooth (Low Energy) we find in our hands almost a zillion of them.
Are they secure? What if I tell you I can unlock your smartphone? What if I tell you I'm able to open the new shiny SmartLock you are using to secure your house's door? In this talk we will briefly explain how the Bluetooth (BDR/EDR/LE) protocols work, focusing on security aspects. We will then show some known vulnerabilities and finally look in depth at undisclosed ones, with live demonstrations.
The document discusses hardware hacking and designing playful experiences that foreground social interactions using technologies beyond screens and keyboards. It notes some challenges in designing asynchronous games where players are geographically distant and game states need to be shared and enforced. Some past solutions discussed include large public scoreboards and custom hardware. The document advocates for designing tactile games using mobile phones, GPS devices, and other interactive objects to transform relationships with technology in a playful way.
This document provides an overview of a workshop on introductory hardware firmware hacking. It outlines the agenda which includes discussing embedded devices, security issues, and solutions. It then demonstrates analyzing the firmware of a DVRF device by exploring stack buffer overflows, disassembling MIPS binaries, and using static and dynamic analysis tools to investigate the device's functions and potential exploits.
This document provides an introduction to hardware hacking using Raspberry Pi and Arduino. It discusses why hardware hacking is interesting and rewarding as it allows interacting with the physical world. It then provides tutorials on basic projects like blinking an LED using Raspberry Pi and Arduino to illustrate hardware interfacing concepts. These include using GPIO pins on Raspberry Pi and digital pins on Arduino boards. The document encourages exploring additional capabilities like I2C, SPI and serial communication. It also introduces Arduino shields and provides examples of infrared communication and emulating human interface devices.
This document discusses hardware hacking techniques for reverse engineering devices on a budget. It introduces tools like logic analyzers, JTAG debuggers, and open source software that can be used to identify chip components, access device interfaces, extract file systems, and perform reverse engineering. Specific tips are provided for using tools like Saleae logic analyzers and OpenOCD to access UART, JTAG, and file systems on example router and chip components. The document aims to demonstrate affordable methods for hardware analysis and modification.
This presentation introduces some common protocols used in electronics, and how to sniff/speak them. Then a bit about USB, and some interesting hacks with these things.
Then a bit about OpenWrt and router hacking.
A BEGINNER'S JOURNEY INTO THE WORLD OF HARDWARE HACKING (Silvio Cesare)
This document provides an introduction to hardware hacking for software engineers. It outlines several beginner hardware hacking projects, including interfacing with UART to gain serial console access on devices, ripping firmware from chips to analyze code and find passwords/strings, manipulating IR alarm systems by learning codes and repurposing remotes, and building an Arduino-controlled backyard irrigation system networked to a PC. The document explains how to identify important chips, interfaces, and voltages, and techniques for reading serial flash and desoldering chips to extract firmware. It presents hardware hacking as an accessible new hobby that can build skills in electronics and low-level programming.
Coders need to learn hardware hacking NOW (Matt Biddulph)
The document discusses hardware hacking and the Arduino prototyping board. It describes how Arduino makes hardware hacking easier by providing an open-source prototyping board and IDE. Arduino boards can be powered by batteries, allowing fully autonomous computing devices. The document encourages readers to experiment with hardware hacking through inexpensive components and by modifying devices like remote control cars.
So, you want to build a hardware product? Every so often, a device comes along that changes the way we live our daily lives and things are never the same again. With today's digital technology, such devices may come more frequently than in the past - personal gadgets you cannot live without. What’s inside? What makes it tick? How do you find out? In this sharing session, Mark will provide an introduction to hardware hacking and why it matters, going through some quick tips on getting cosy with hardware to find out what makes it tick. Mark (MK FX) is a founder of Bazinga! Pte Ltd, a technology development and prototyping company that builds gadgets from ideas. An engineer since birth, because if you can dream it, think it - you can build it.
Presentation at DFRWS 2014, Denver, Colorado - The application of reverse engineering techniques against the Arduino microcontrollers to acquire uploaded applications.
This document discusses router forensics and security. It provides an overview of routers and common router attacks. It outlines the process of performing router forensics, including collecting volatile data, investigating incidents, and documenting findings. The document also discusses why router resources need protection and why router forensics is important for addressing security issues, monitoring activity, and regulatory compliance.
This document discusses the JTAG (Joint Test Action Group) interface, a standard interface used for testing, debugging, and programming embedded systems. It allows full control and observability of chips via a 5-pin interface. Key points include:
- JTAG allows boundary scan testing, which tests interconnects without physical test points.
- It has advantages like simpler board layouts, cheaper test fixtures, and faster debugging.
- Many devices like FPGAs and microcontrollers support JTAG for programming and debugging.
- Open source software like OpenOCD and proprietary tools support various JTAG adapters and devices.
- Real applications include manufacturing testing, system configuration/maintenance, and design verification.
Hardware hacking involves analyzing and modifying electronic devices at the hardware level. It is important because secure software relies on secure underlying hardware, but hardware is often overlooked from a security perspective. Hardware hacking requires some basic electronics knowledge as well as tools like a multimeter, logic analyzer, and oscilloscope. Common hardware hacking techniques involve identifying chip components, reading datasheets, probing pins to analyze protocols, and modifying hardware configurations. The document provides an overview of hardware hacking concepts and demonstrations of hardware attacks.
This document discusses hardware reverse engineering and provides an overview of the process. It begins by defining reverse engineering and discussing its uses. It then recommends various tools, including logic analyzers, RF analysis tools, oscilloscopes, and JTAG debuggers. The document outlines initial steps like opening the casing and identifying ICs. It discusses hunting for datasheets, diagnostic ports like JTAG and serial, finding serial ports, radio analysis, flash memory, and invasive techniques. It introduces a reverse engineering training platform called Labyrinth.
CNIT 126 4: A Crash Course in x86 Disassembly (Sam Bowne)
Slides for a college course at City College San Francisco. Based on "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig; ISBN-10: 1593272901.
Instructor: Sam Bowne
Class website: https://samsclass.info/126/126_S17.shtml
Cheap, good, hackable tools from China: AVR component tester (Dobrica Pavlinušić)
This document discusses building an AVR-based component tester using cheap parts from China to test transistors, resistors, capacitors, and other components salvaged from electronic junk. It provides instructions and source code for a DIY component tester that can be built for less than buying a pre-made tester. The document shares the motivation and learning opportunity of this project, outlines the hardware and software used, and discusses modifications made and additional features included. It also provides examples of other hackable cheap tools from China that can be modified through accessing and modifying their source code.
This document discusses using JTAG to access and reprogram hardware from discarded electronics in order to reuse or repurpose the boards. It focuses on using JTAG to investigate and reprogram an Altera CPLD chip on an NComputing X300 dongle. The key steps discussed are using a Bus Blaster JTAG interface and UrJTAG software to identify the JTAG pins, read and toggle the CPLD's I/O pins, and program new firmware onto the CPLD using an SVF file. Alternative approaches like using an FX2 USB device or OpenOCD for JTAG are also mentioned.
This document discusses using a Raspberry Pi as a versatile development and debugging platform for programming various microcontrollers and devices via its GPIO pins. It provides examples of using the Raspberry Pi to program AVR microcontrollers, CPLDs, FPGAs, and CC110x chips via tools like OpenOCD, urjtag, and avrdude. It also shows examples of interfacing sensors, displays, and other peripherals to the Raspberry Pi GPIO for experimentation and prototyping.
Sentinet3 is a unified proactive monitoring solution that enables complete control of an IT infrastructure.
With Sentinet3 an IT administrator is able to do system, network, application, cybersecurity and environmental monitoring with a single solution.
Its sales model, based on unlimited and perpetual licences, makes Sentinet3 a cost-effective solution with a low TCO.
Sentinet3's strong points are:
1) Easy to use
2) Open to the open source world
3) Easy deployment
4) Cross-platform monitoring
5) Easy to customize
6) Sales model
7) Fast and effective customer service
8) Made in Italy
Protect your path towards Industry 4. (Jordi García)
By 2019, 92% of companies will have adopted Internet of Things systems. The benefits of IoT technology are already widely proven and known, as much as the risks, which must not be underestimated. To minimise the chance of breaches and intrusions into the network, Aruba has developed a security system that makes it possible to exploit the full potential of IoT.
What do we still need to understand about containers?
Security: what changes, how do I adapt, and where do I stop?
Attacks: a practical example of the resilience of container architectures
Presentation (before it was shortened for time reasons) of the master's thesis "Methodologies for extracting digital evidence from Symbian-based embedded devices"
Presentation of the IT security course for Vicenza Software (Piero Sbressa)
IT security course written for Vicenza Software. Here is the link to sign up: http://corsi.vicenzasoftware.com/tutti-i-corsi/corso/sicurezza-informatica/category_pathway-13.html
2. Me
- Roberto Fin
- Founder & Chief Executive Officer (CEO) of Opposing Force
- The first Italian company specialising in offensive physical security
- Twitter: @_RFgod | @_opposingforce
3. Agenda
- EACS
- Problems and risks
- NFC
- Advantages
- Case study: Milan metro
- Conclusions
5. Areas of use
- Regulating access to restricted company areas (e.g., company offices or data centres)
- Providing access to a service through electronic tickets (e.g., public transport)
6. Technologies
- NFC/RFID/magnetic-stripe access systems
- RF-operated automatic door and gate openers
- Electronic locks
  - Based on PIN, card, biometric data, etc.
8. Problems
- Installing a technology that controls access to a company area or to a paid service is a critical choice
- An insecure implementation of the system could in fact allow access to unauthorised parties
9. Possible consequences
- Theft
  - Identity
  - Intellectual property
  - Equipment
- Destructive attacks
- Loss of revenue
10. Tailgating
- Following a person closely as they pass through an access point, thereby exploiting their authorisation
- In some contexts it is very hard to detect, and it is often used, even by people with legitimate authorisation, simply for convenience
- In critical areas it is essential to run a test of how staff react to tailgating
13. NFC
- Near Field Communication
- A set of protocols for short-range two-way communication between contactless devices
- Some technologies: MIFARE Classic, DESFire and HID
14. Fields of use
- Contactless payments
- Loyalty cards
- Electronic access control
- Ticketing
- etc.
15. Adoption of access control technologies
[Chart: sales of Mifare Classic, HID, Mifare DESFire and Mifare Ultralight]
18. Cloning attack
- The possibility of cloning an employee's NFC badge can completely compromise the company's security
- If the technology in use does not rely on secure encryption and authentication schemes, an attacker can read the badge's identifier and reuse it
19. Cloning attack on MIFARE Classic
- No authentication is required to read the tag's identifier
- The authentication and encryption scheme protecting the remaining data has proved ineffective and easy to bypass
- ID cloned in under 1 second
- Full tag cloned in under 10 minutes
- The technology is still very widespread
20. Forging attack
- An incorrect and inadequately tested implementation can allow an attacker who has previously obtained the data of a valid badge to modify it
  - Privilege escalation
  - Removal of the badge's expiry
  - Identity theft of another user
25. Advantages of NFC technology
- Despite the various problems one can run into when using EAC systems, and specifically those based on NFC technology, there are noteworthy advantages
- Ability to set up different authorisation layers
- Fast management and verification of access
- Lower susceptibility to malfunctions
26. Advantages of NFC technology
- If implemented correctly, it is possible to have a high-performance, centralised system
- Each badge can then be linked to an authorisation layer that grants it access only to specific company areas
- With a centralised system it is possible to monitor in real time which doors have been opened and by which user
27. Advantages of NFC technology
- An NFC badge is not subject to problems such as demagnetisation, and it is certainly faster and cheaper than biometric authentication
- Finally, NFC badges, unlike bar-code ones, can easily be reused and reassigned to other users, and can therefore also serve as temporary guest badges
29. Putting it all together: NFC
- Ultimately, an access control system based on NFC technology has a number of very attractive advantages, especially for medium-to-large companies that have to manage a good number of employees and guests
- It must, however, be implemented correctly, tested and verified, both before deployment and afterwards
32. Case study
- Besides paper tickets, cards such as the rechargeable RicaricaMI, based on MIFARE Classic technology, are used as travel tickets
33. Case study
- We focused on the RicaricaMI card with the aim of identifying the problems/vulnerabilities affecting the implementation of MIFARE Classic technology in the Milan metro
34. Case study: MIFARE Classic
- 1 kB data area divided into 16 sectors of 64 bytes
- Access keys protect the data sectors (two keys per sector)
- Every ticket/chip has a "unique" 4-byte identifier called the UID
- Each sector can carry "rules" that determine the user's read/write permissions
35. Case study: MIFARE Classic
- The sector encryption, which uses 48-bit keys, was broken several years ago
- Default keys are often used for some or all sectors
- Given the key of one sector, the other keys can be obtained very quickly
36. Case study: MIFARE Classic
- The study was carried out entirely in black-box mode, using the top-up machines located outside the stations
- During our analysis NO unpaid journeys were EVER made
37. Case study: MIFARE Classic
- Problems found
  - A default key is used for one of the 16 sectors
  - Recovering the other keys is very fast
  - The same keys are used for all RicaricaMI cards
  - Obtaining the keys from one card makes it possible to read and write any other card
38. Case study: MIFARE Classic
- Test: modify the number of remaining rides on the card and insert it into the top-up machine
- Result: the ticket is considered valid, with the number of remaining rides equal to the value written
- The number of remaining rides for a specific ticket (UID) is not checked "online"
- The check probably takes place "offline"
39. Case study: MIFARE Classic
- Test: copy the data of one card onto a different one (with a different identifier)
- Result: both cards, and the data they contain, are considered valid
- There is no "signature" on the card that would allow the integrity of the data to be verified
- Cloning a card therefore only requires copying the data
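The two tests above succeed because nothing on the card binds the ride counter to the card or lets an offline validator check integrity. The following is an added example, not code from the presentation or from Opposing Force: it models the 1K sector/block layout from slide 34 and a hypothetical ticket record protected by an issuer-side MAC over UID || record (HMAC-SHA256 truncated to 10 bytes, with a constructed demo key that only the backend/validator would hold), so that both an edited counter and a record copied to another UID are rejected offline.

```python
# Added example (not from the presentation). Models the MIFARE Classic 1K layout
# (16 sectors x 4 blocks x 16 bytes; last block of each sector is the trailer)
# and a hypothetical ticket record whose MAC binds it to the card UID.
import hashlib
import hmac
import struct
from typing import Tuple

SECTORS = 16
BLOCKS_PER_SECTOR = 4
BLOCK_SIZE = 16


def sector_blocks(sector: int) -> range:
    """Absolute block numbers of one sector on a 1K card (4 blocks of 16 bytes)."""
    if not 0 <= sector < SECTORS:
        raise ValueError("sector out of range for a 1K card")
    first = sector * BLOCKS_PER_SECTOR
    return range(first, first + BLOCKS_PER_SECTOR)


def trailer_block(sector: int) -> int:
    """The sector trailer (key A, access bits, key B) is the sector's last block."""
    return sector_blocks(sector)[-1]


def is_trailer(block: int) -> bool:
    """True for blocks that hold keys/access bits rather than ticket data."""
    return block % BLOCKS_PER_SECTOR == BLOCKS_PER_SECTOR - 1


# Hypothetical record layout inside one 16-byte data block (assumption):
#   byte 0      rides_left
#   bytes 1-5   reserved (zero)
#   bytes 6-15  MAC = HMAC-SHA256(ISSUER_KEY, UID || rides_left)[:10]
ISSUER_KEY = b"constructed-demo-issuer-key"  # constructed placeholder, never on the card
MAC_LEN = 10
UID_LEN = 4


def make_mac(uid: bytes, rides_left: int) -> bytes:
    """MAC that binds the ride counter to this card's UID."""
    msg = uid + struct.pack("B", rides_left)
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()[:MAC_LEN]


def encode_record(uid: bytes, rides_left: int) -> bytes:
    """Build the data block the issuer writes when the card is (re)charged."""
    if len(uid) != UID_LEN:
        raise ValueError("MIFARE Classic UID is 4 bytes")
    return struct.pack("B", rides_left) + b"\x00" * 5 + make_mac(uid, rides_left)


def validate(uid: bytes, block: bytes) -> Tuple[bool, str]:
    """Offline check a validator can run: integrity and UID binding, then balance."""
    if len(uid) != UID_LEN or len(block) != BLOCK_SIZE:
        return False, "malformed"
    rides_left = block[0]
    if not hmac.compare_digest(make_mac(uid, rides_left), block[6:6 + MAC_LEN]):
        return False, "mac mismatch"  # edited counter, or data copied to another UID
    if rides_left == 0:
        return False, "no rides left"
    return True, "ok"


def punch(uid: bytes, block: bytes) -> bytes:
    """Consume one ride: only a holder of ISSUER_KEY can produce the new block."""
    ok, reason = validate(uid, block)
    if not ok:
        raise ValueError(reason)
    return encode_record(uid, block[0] - 1)


if __name__ == "__main__":
    card_a = b"\x01\x02\x03\x04"  # constructed UIDs
    card_b = b"\xaa\xbb\xcc\xdd"
    rec = encode_record(card_a, 3)
    print("genuine card:", validate(card_a, rec))
    print("edited counter (slide 38):", validate(card_a, bytes([99]) + rec[1:]))
    print("copied to other UID (slide 39):", validate(card_b, rec))
    print("after one ride:", validate(card_a, punch(card_a, rec)), punch(card_a, rec)[0])
```

The remaining weakness is that the key used to write the record must live in the validator or backend, not in a sector key shared across every card, which is the point slide 37 makes about shared keys.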
41. Conclusions
- The analysis identified some critical issues, which should however be the subject of further study
- By reverse engineering the data on the card it may be possible to locate other critical data (place and date of access) that could be manipulated