Comments on: ShmooCon 2009: Chris Paget’s RFID cloning talk

By: L: Halfhill

L: Halfhill — Sat, 11 Jul 2009 21:07:54 +0000

TRY READING THE LEFT BEHIND SERIES…..THE DEVIL IS MARKING HIS OWN…..

By: benny

benny — Sat, 16 May 2009 15:22:11 +0000

hi…
i am not really posting a comment just trying to get an information..pls does anyone have a link to any hacker that could help me with a one time job..this is so very important to me…its a matter of urgency..pls i need a genuine hacker..someone that could crack into something not quite easy to crack into.
pls if you have any such information pls kindly send me an email to parislohan1@yahoo.com.
thank you…

By: Nitori

Nitori — Fri, 20 Feb 2009 13:39:54 +0000

Like anything DHS was involved in WHTI is very flawed technology.
I would not call the implementation of WHTI bad because it goes beyond bad it’s utter sh–.
The only way to make RFID secure is to make it’s range as short as possible having a 30 foot range is fundamentally broken.
It would be all to easy to randomly kill the tags and the device to do could be as small as a first gen ipod.
I wish they would simply disband DHS as I do not feel safer because of them if anything the opposite and it would free up a lot of tax dollars for more important things.
You should be thankful of guys like him for pointing out that anything Orwellian is flawed.

By: signal7

signal7 — Wed, 18 Feb 2009 17:48:11 +0000

simple. I’m not that bright, but the first thing that occurred to me was that someone needs to fabricate an RFID that emits a jamming carrier. Go ahead and try to read *my* passport! The jammer would be stuck just inside the front cover.

By: dan

dan — Wed, 18 Feb 2009 00:03:01 +0000

i wonder if i am the only person who thinks that this all seems a little pointless and self-congratulatory. he didn’t even do anything that the technology isn’t supposed to do in the first place. all he did was fix a broken reader and then use it for what it was designed to do.

you may clone as many people’s RFID passcards as you like, but it won’t change the fact that when you swipe it at the border it’ll be some other dude’s face that comes up on the screen.

using the RFID tags people regularly carry to ‘profile’ and thus track them is an issue that has been discussed for years, and it being reiterated by mr. paget doesn’t really bring anything new to the table.

to be honest, recently it seems that purely by playing with RFID and making some sarcastic comments one can go far in the ‘security’ community. obviously we need to approach new technologies with a cynical eye (and rigorous testing), but in this case chris paget doesn’t really say or do anything novel.

By: schobi

schobi — Tue, 17 Feb 2009 21:54:00 +0000

congratulations for the great talk!

I would like to propose a new direction for further research:

The long range antenna stuff is nice for record breaking. For security there is no point in increasing the range any further. I can read your tag without you noticing … that should be far enough.

But Antenna gain and more power can also help against shielding.
Have you ever wondered why your cell phone still shows network bars within the microwave? (don’t turn it on!) The oven shields but only some dB. The GSM signal will be attenuated but there is still enough left for establishing a connection.

Same thing could be done with better antennas and higher power. A tag within a shipping container or a truck might still be readable. Or probably tags with the tin foil shield could then be read?

Only for short distance, high power and antenna gain – but there would be no way of escaping any more …

By: MRE

MRE — Tue, 17 Feb 2009 17:47:12 +0000

If 500 people got together on the mexico border, with 500 randomly tagged cards each, and attempted to cross the border at the same time…

would anybody notice?

By: Wwhat

Wwhat — Tue, 17 Feb 2009 16:36:37 +0000

Actually it’s great, if you are actually accused of criminal activity you can now claim the RFID detected could be anybody, since this busts open the uniqueness argument, and that’s pretty good for us that don’t like the complete 1984-style tracking of people.

By: PogoGamesOnline

PogoGamesOnline — Tue, 17 Feb 2009 16:03:35 +0000

good good good presentation

By: cynic

cynic — Tue, 17 Feb 2009 13:58:18 +0000

It’s always boring… until you get arrested for having links to a drug smuggling cartel because some *bad ass* l33ted your RFID ass.

By: TJHooker

TJHooker — Tue, 17 Feb 2009 09:09:33 +0000

Outside passive car ECM systems and inventory control, rfid is still kinda boring to most people. if you where associated with a trademarked firm though this would be a worth while investment though.

By: chippy

chippy — Tue, 17 Feb 2009 08:12:29 +0000

meh… was so.. so..

By: Túlio Fernandes

Túlio Fernandes — Tue, 17 Feb 2009 04:07:48 +0000

Amazing presentation.