Comments on: Defcon 15: Exploiting authentication systems

By: Brian

Brian — Mon, 06 Oct 2008 18:36:23 +0000

Locks only keep honest people honest.

/old adage
/locksmith & electronic security tech

By: alex

alex — Wed, 21 Nov 2007 07:50:40 +0000

How can I buy one of this

By: Nitin Kushwaha

Nitin Kushwaha — Sun, 07 Oct 2007 22:13:54 +0000

Hi,

This is true and possible, although it requires a lot of hands-on with the vendors device and reverse -engg, to understand what encryption is used in order to decrypt the RF signals which contains the Access codes and then to find the rest of the details.

a good explanation can be found by searching for RFID - Security.

Thanks.

Nitin Kushwaha
India
CHFI.CEH

By: Jay

Jay — Thu, 30 Aug 2007 21:26:19 +0000

Most of the time you will not even need to go through this. When I worked for a candy and soda vending company nobody every asked any questions. I was able to go to a few angel games… go into huge data centers… go into plants that are cutting air plane wings.. you name it.. All you need is a button up t shirt and a box on a dolly.

By: Christopher

Christopher — Thu, 16 Aug 2007 12:37:53 +0000

Yes! but do you have any guesses?

By: Lehua

Lehua — Thu, 16 Aug 2007 12:29:40 +0000

I cant able to open the given link, can you please help?

By: steven

steven — Thu, 16 Aug 2007 10:15:14 +0000

our website is www dot snc alarmlock dot com

By: steven

steven — Thu, 16 Aug 2007 10:12:23 +0000

SNC ALARMLOCK LLC

By: steven

steven — Thu, 16 Aug 2007 10:10:18 +0000

Do you know what locks is the most safety?

this is here. http://www.sncalarmlock.com

By: steven

steven — Thu, 16 Aug 2007 10:00:47 +0000

what locks can protect your safety? it is here.

By: Dr. Evil

Dr. Evil — Wed, 15 Aug 2007 06:00:27 +0000

I got this working with two continium transfunctioners and a pair of Paris hiltons jocky's.

its not different than a putting a data logger inline with a keyboard, this guys deserves a medal.

I agree with "whoever said it" that encryption is the key between the reader and the auth...

after reading this I took my inline keyboard datalogger, from way back, ps2 style... and put it inline with a barcode scanner here at work...
took the string of numbers it captured, went into MS Word, typed in those numbers, selected the bar code font, printed it out. put it under the scanner and vola...

again, not much of a hack, just common sense, I am sure there are some wiz bang systems out there that could really use some hacking, but as we all know anything communication that is not encrypted is open to everyone.

By: Defcon G00N

Defcon G00N — Thu, 09 Aug 2007 09:10:02 +0000

I was at the talk (and am a friend of Zac's). The device is installed into the wiring, and performs a MITM (man in the middle) attack on the reader. Since the reader is intercepting all communications, it can play back any arbitrary data it wants, or prevent any data from being transmitted. Filtering outgoing data is trivial, and that is how it prevents certain cards from working.

The problem is common with backwards compatible devices: older devices are not all retired at the same time, so often the first workable communications protocol becomes the standard, even after it is obsolete.

I expect Zac to expand the functionality greatly in his next release ;)

By: convictus

convictus — Tue, 07 Aug 2007 00:00:30 +0000

In many of the buildings that I have been in where there where proximity card readers the ones most vulnerable to this type of attack are located in the gaze of CCTV, the ones that are on the outside of the building have always amused me though. Why are they not put on the secure side of the glass? The “wireless” signal should be able to penetrate the glass, if not secure “tamper resistant” hoods could be installed. The ones that emit dye that are used to cover some dormitory fire alarms to prevent prank pulls.

By: Card_Access_is_Me

Card_Access_is_Me — Mon, 06 Aug 2007 22:04:53 +0000

Most are installed with Tamper Proof Screws. IF you can get back into the reader to loosen those screws after you hot glue them, then so can the Hack.

By: localroger

localroger — Mon, 06 Aug 2007 21:34:20 +0000

This is not only perfectly workable and dead simple, one could get very creative with it. In addition to replacing your pet card with a real code for personal access, you could occasionally randomize the real codes passed through. Imagine the delicious chaos this would cause :-) Most techs will not suspect this kind of thing and if it’s done with a little subtlety they will just think the system is hosed and erect workarounds, which you could then exploit.