While in Vancouver, Canada for CanSecWest we had a chance to catch up with [Marc]. He showed off a very simple Denial-of-Service attack that works for most commercial RFID reader systems. He worked out this physical DoS with [Adam Laurie], whose RFID work we featured last year.
You can use this hack to lure out the security/tech ppl so you can access their place.
Another fun idea is to put a (strong) transmitter behind the door that is to be opened.
Posted at 8:05 pm on Jun 9th, 2008 by DarkFader
I’ve known about this for the last 8 years. This isn’t a hack. The reader can only intake one rfid signature at a time (at least this proximity reader used commonly for door access. More than one (crosstalk) results in it doing nothing. Remove one and it reads the other.
This is a prank at best.
Posted at 8:08 pm on Jun 9th, 2008 by halld
I think its a hack, screw you man!
Posted at 8:08 pm on Jun 9th, 2008 by Liam
Scraping the bottom of the barrel now, are we? I can’t believe the guy actually put together a whole setup to demonstrate this. The fact that RFID readers can’t detect multiple devices is a current limitation of the technology and extremely well known.
This is like putting a piece of black tape over a barcode reader and calling it a DoS.
Posted at 8:26 pm on Jun 9th, 2008 by Tom
i thought there were some systems that could cope with multiple tags in the readers range (like warehouses would use, drive a truck through the reader and know the tag of every item in it)? it might require some intelligence on the tag though (ie listening to other tags, waiting random amount of time, then sending etc)
but wouldn’t an antenna with a strong resistor suffice to “suck the energy” out of the field produced by the reader, so there won’t be enough left to power legitimate tags? or, like when attacking ATM machines, simply add another case on top of the reader, made of lead :D
Posted at 10:58 pm on Jun 9th, 2008 by pascal
This has been a well know problem with HID and most other readers for years. People run in to the same problem when they carry two badges next to each other and wonder why they can’t open a door. If he was smart he would have popped off the cover (which is not fastened in any way, not even by screws on the ProxPro II) and taped or set it inside the reader housing. This way it wouldn’t be noticed at all.
Posted at 11:18 pm on Jun 9th, 2008 by digitalfx
Actually, most 13.56MHz RFID systems *can* read multiple tags in the field. This characteristic is probably not used in this system because:
- It could be 125kHz (I don’t know)
- It takes a whole lot more effort to implement
- In an access control situation, you don’t want to open the door when there are two tags in the field and one is set to ‘deny’.
You could also take a hammer to the reader. Same effect, less effort.
hadak: sure, it’s easy: just get a fake rfid passport, get into the custom’s officer booth and tape the fake rfid passport under the officer’s passport reader. Of course you’ll get arrested, and if by miracle you manage to do this somehow, you won’t get through customs since your RFID passport will be detected as broken. Wow, what a hack! :-)
Posted at 1:49 am on Jun 10th, 2008 by Ed
Interseting Topic
Posted at 3:11 am on Jun 10th, 2008 by JoeyVee
Booring…This ‘hack’ happens to me most days that I travel on the London underground. The useless readers on the station gates can’t distinguish between my Oyster card and my university ID/smart card, both of which are in my wallet. The gates beep at me with error codes flashing up. Can’t be bothered to separate the cards though as it usually works on the second try.
Posted at 8:49 am on Jun 10th, 2008 by McDave
Would be cool if you could actually use the energy in the field to power/charge something. Has anyone seen buffer overflow attacks or similar for these devices? I’m guessing the signature / hash that is sent back from the tag is of a fixed length though.
H
Posted at 11:09 am on Jun 10th, 2008 by Heath Jones
that’s really simple and woah not worth all that atention…
Posted at 3:29 am on Sep 17th, 2008 by simple
Hack a Day serves up fresh hacks each day, every day from around the web and a special How-To hack each week.
Powered by WordPress
that’s a hack? not really. he’s taped a non-valid a rfid key to a reader. wow. NEXT!
Posted at 7:57 pm on Jun 9th, 2008 by happy gilmore