Comments on: RFID reader denial of service

By: Annon

Annon — Sun, 28 Nov 2010 23:32:00 +0000

A good DoS on old fashion barcodes involves a UV marker and a bit of time – go to your friendly local grocer’s with your UV pen, and put a vertical slash through each of the barcodes – Invisible to the naked eye, but plenty visible to the scanners. If you want to step it up and have a multiple vector DDoS – get a few mates to help you out. :P

By: simple

simple — Wed, 17 Sep 2008 10:29:30 +0000

that’s really simple and woah not worth all that atention…

By: Heath Jones

Heath Jones — Tue, 10 Jun 2008 18:09:11 +0000

Would be cool if you could actually use the energy in the field to power/charge something. Has anyone seen buffer overflow attacks or similar for these devices? I'm guessing the signature / hash that is sent back from the tag is of a fixed length though.

H

By: McDave

McDave — Tue, 10 Jun 2008 15:49:41 +0000

Booring…This ‘hack’ happens to me most days that I travel on the London underground. The useless readers on the station gates can’t distinguish between my Oyster card and my university ID/smart card, both of which are in my wallet. The gates beep at me with error codes flashing up. Can’t be bothered to separate the cards though as it usually works on the second try.

By: Harvie

Harvie — Tue, 10 Jun 2008 14:54:47 +0000

Nice. Thinking about replacing the coil with a bigger one. That may enable you DOSing from bigger distance…

By: JoeyVee

JoeyVee — Tue, 10 Jun 2008 10:11:03 +0000

Interseting Topic

By: Ed

Ed — Tue, 10 Jun 2008 08:49:45 +0000

hadak: sure, it’s easy: just get a fake rfid passport, get into the custom’s officer booth and tape the fake rfid passport under the officer’s passport reader. Of course you’ll get arrested, and if by miracle you manage to do this somehow, you won’t get through customs since your RFID passport will be detected as broken. Wow, what a hack! :-)

By: Ian

Ian — Tue, 10 Jun 2008 07:32:04 +0000

Re. 8: put another similar chip in the RF field of the reader. Or just hit your passport with a hammer. See all of those things that it says NOT to do? Do them.

By: Ian

Ian — Tue, 10 Jun 2008 06:53:32 +0000

Actually, most 13.56MHz RFID systems *can* read multiple tags in the field. This characteristic is probably not used in this system because:
- It could be 125kHz (I don't know)
- It takes a whole lot more effort to implement
- In an access control situation, you don't want to open the door when there are two tags in the field and one is set to 'deny'.

You could also take a hammer to the reader. Same effect, less effort.

By: digitalfx

digitalfx — Tue, 10 Jun 2008 06:18:18 +0000

This has been a well know problem with HID and most other readers for years. People run in to the same problem when they carry two badges next to each other and wonder why they can’t open a door. If he was smart he would have popped off the cover (which is not fastened in any way, not even by screws on the ProxPro II) and taped or set it inside the reader housing. This way it wouldn’t be noticed at all.

By: HaDAk

HaDAk — Tue, 10 Jun 2008 06:03:50 +0000

So, how can you use this to negate the RFID chip in your passport?

By: pascal

pascal — Tue, 10 Jun 2008 05:58:36 +0000

i thought there were some systems that could cope with multiple tags in the readers range (like warehouses would use, drive a truck through the reader and know the tag of every item in it)? it might require some intelligence on the tag though (ie listening to other tags, waiting random amount of time, then sending etc)

but wouldn’t an antenna with a strong resistor suffice to “suck the energy” out of the field produced by the reader, so there won’t be enough left to power legitimate tags? or, like when attacking ATM machines, simply add another case on top of the reader, made of lead :D

By: Tom

Tom — Tue, 10 Jun 2008 03:26:52 +0000

Scraping the bottom of the barrel now, are we? I can't believe the guy actually put together a whole setup to demonstrate this. The fact that RFID readers can't detect multiple devices is a current limitation of the technology and extremely well known.

This is like putting a piece of black tape over a barcode reader and calling it a DoS.

By: Liam

Liam — Tue, 10 Jun 2008 03:08:28 +0000

I think its a hack, screw you man!

By: halld

halld — Tue, 10 Jun 2008 03:08:25 +0000

I've known about this for the last 8 years. This isn't a hack. The reader can only intake one rfid signature at a time (at least this proximity reader used commonly for door access. More than one (crosstalk) results in it doing nothing. Remove one and it reads the other.

This is a prank at best.