RFID Reader Snoops Cards from 3 Feet Away

rfidlongrangehack

Security researcher [Fran Brown] sent us this tip about his Tastic RFID Thief, which can stealthily snag the information off an RFID card at long range. If you’ve worked with passive RFID before, you know that most readers only work within inches of the card. In [Fran's] DEFCON talk this summer he calls it the “ass-grabbing method” of trying to get a hidden antenna close enough to a target’s wallet.

His solution takes an off-the-shelf high-powered reader, (such as the HID MaxiProx 5375), and makes it amazingly portable by embedding 12 AA batteries and a custom PCB using an Arduino Nano to interpret the reader’s output. When the reader sees a nearby card, the information is parsed through the Nano and the data is both sent to an LCD screen and stored to a .txt file on a removable microSD card for later retrieval.

There are two short videos after the break: a demonstration of the Tastic RFID Thief and a quick look at its guts. If you’re considering reproducing this tool and you’re picking your jaw off the floor over the price of the reader, you can always try building your own…

[Read more...]

Power Pwn’s price tag is as dangerous as it’s black-hat uses

This rather normal-looking power strip hides a secret inside. It’s called the Power Pwn, and it conceals hardware which facilitates remote penetration testing of a network. It really is the ultimate in drop hardware as you can quickly swap it with existing power strip. Who’s going to question it?

It’s got almost all the bells and whistles. There’s dual Ethernet ports, Bluetooth with 1000′ range, and WiFi with a high gain antenna. The SoC inside comes with Debian 6 and all the exploit tools you might want pre-loaded. There’s even a 3G adapter, but it’s external and not pictured above. The thing is, for a pre-order price-tag of  $1,295 we think that 3G should have been internalized and come with a lifetime unlimited data plan! That could be a bit overboard… our heads are still spinning from the sticker shock.

This isn’t the first time we’ve seen hardware from this company. Their Pwn Plug was used in this project. We just didn’t catch the $595 price tag for that device until now.

[via Reddit via Zdnet]

Penetration testing with the Raspberry Pi

PwnPi is a penetration testing distribution rolled up for the Raspberry Pi platform. This should come as no surprise to anyone. The RPi board has a beefy processor, it’s relatively low power, has the option of the on-board NIC or a USB WiFi dongle, and it already has Linux kernel and desktop sources available to start from.

Now we will admit we’re a bit disappointed from this tip. Don’t get us wrong, the distro looks like it’s well done, and we’re sure there are a lot of folks out there who will be happy to have these tools to help test their network security. But this is a software only hack and we were expecting to see a nice little covert package that could be plugged into an outlet (SheevaPlug style), or a battery-powered module that can be plugged into an Ethernet port and hidden away.

Now you know what we want, don’t forget to send in a link once you pull it off.

[Thanks Scott]

Cheap WiFi bridge for pen testing or otherwise

Twenty three dollars. That’s all this tiny pen-testing device will set you back. And there really isn’t much to it. [Kevin Bong] came up with the idea to use a Wifi router as a bridge to test a wired network’s security remotely. He grabbed a TP-Link TL-WR703N router, a low-profile thumb drive, and a cellphone backup battery; all cheaply available products.

No hardware hacking is necessary to connect the three components. The only other preparation needed is to reflash the router firmware with OpenWRT and load it up with common pen-testing software packages like Netcrack and Airhack.

[Kevin] calls this a drop box, because you find an Ethernet jack, plug it in, and drop it there. You can then connect to the router via Wifi and begin testing the wired network security measures. We’re sure images of espionage pop into your head from that description, but we’re certain this can be useful in other ways as well. If you ever find yourself with an Ethernet connection but no access to Wifi this is a quick way to setup an AP.

London’s 44Con is looking for a few good hackers

44con_banner

While we see plenty of security-related conferences here in the US, our friends across the pond were apparently anxious to hold a large-scale security conference of their own. At the helm of the first ever 44Con are DEF CON Goon [Adrian] and Penetration Tester [Steve Lord]. The pair are quite involved in London’s security community and are looking to bring like-minded individuals together over four days of security talks and workshops.

While 44Con’s list of speakers has been wrapped up, they are still looking for people to help run workshops on the 1st and 2nd of September. They are requesting that any hackers in the area drop them a line if interested.

Taking a look at their site, you can see that they have a nice selection of talks lined up catering to those on the business side of Information Security as well as deep technical discussions about threats and vulnerabilities. If you plan on hitting up the conference, be sure to let us know in the comments section.

An interesting take on WEP cracking

[Ben Kurtz] is doing a little WEP cracking but in a bit of a different way than we’re used to. WEP cracking makes us think of war driving; driving around with your laptop open, looking for WiFi access points, and stopping to run some software when you find them. [Ben's] way is similar but different in one key way, he’s using an iPhone as the frontend.

This started as a way to find a use for some leftover equipment. He threw together a Linux box and loaded up Aircrack-ng, the software we often see used in penetration testing. To remove himself from shady-looking activities in public he coded a web interface using the Python package Turbogears. It uses screen, a program often used with SSH to run services concurrently in different terminals, with the option to disconnect without stopping the processes. Now it’s just a matter of parking the hardware near an AP, and doing the work in a browser on your mobile device. You can check out the script he wrote, as well as installation instructions, in his post linked above.

[Thanks Tech B.]

[Note: Banner image not directly related to this post]

Make iPhone a penetration testing tool

[Nicholas Petty] has posted a guide to setting up your iPhone as a penetration tester. You already carry it around with you and, although not too beefy, it does have the hardware you need to get the job done. So if you’re not interested in building a drone or carrying around a boxy access point try this out. The first step is to jailbreak your device and setup OpenSSH so that you can tunnel in for the rest of the setup. From there the rest of the setup is just acquiring build tools and compiling pentesting programs like Aircrack-ng, Ettercap, Nikto2, and the Social Engineering Toolkit. You’ll be up to no good testing your wireless security in no time.

Follow

Get every new post delivered to your Inbox.

Join 91,338 other followers