RFID Reader Snoops Cards from 3 Feet Away


Security researcher [Fran Brown] sent us this tip about his Tastic RFID Thief, which can stealthily snag the information off an RFID card at long range. If you’ve worked with passive RFID before, you know that most readers only work within inches of the card. In [Fran's] DEFCON talk this summer he calls it the “ass-grabbing method” of trying to get a hidden antenna close enough to a target’s wallet.

His solution takes an off-the-shelf high-powered reader (such as the HID MaxiProx 5375) and makes it amazingly portable by embedding 12 AA batteries and a custom PCB using an Arduino Nano to interpret the reader’s output. When the reader sees a nearby card, the information is parsed by the Nano, and the data is both sent to an LCD screen and stored to a .txt file on a removable microSD card for later retrieval.

There are two short videos after the break: a demonstration of the Tastic RFID Thief and a quick look at its guts. If you’re considering reproducing this tool and you’re picking your jaw off the floor over the price of the reader, you can always try building your own…

FareBot – Android NFC Proof of Concept


Upon learning that the Nexus S smartphone was equipped with a Near Field Communications (NFC) radio, [Eric Butler] decided he would put the newly released Gingerbread SDK to good use. Focusing initially on ORCA fare cards used by several Washington state transit systems, he built an open-source application he calls FareBot, which can read data from any MIFARE DESFire branded cards. Utilizing the NFC radio in the Nexus S, he was able to dump all of the unprotected information from the fare cards, including the remaining card balance and the last 10 locations where the card was used.

The author hopes that his proof of concept application encourages other developers to expand on his project and to explore the data stored on transit cards around the world. While it is in its early stages, [Eric] would ultimately like to see this project expanded to allow the use of NFC-enabled smartphones as transit cards themselves via downloadable apps. He suggests that helping people understand the amount of data which can be freely obtained from these cards will eventually force the manufacturers to better inform consumers of the existing system’s shortcomings, which in turn might spur on smartphone-based transit initiatives.

Scratch built RFID tags


[nmarquardt] has put up an interesting Instructable that covers building RFID tags. Most of them are constructed using adhesive copper tape on cardstock. The first version just has a cap and a low-power LED to prove that the antenna is receiving power. The next iteration uses tilt switches so the tag is only active in certain orientations. The conclusion shows several different variations: different antenna lengths, conductive paint, light-activated tags and more.

RFID reader denial of service

While in Vancouver, Canada for CanSecWest we had a chance to catch up with [Marc]. He showed off a very simple Denial-of-Service attack that works for most commercial RFID reader systems. He worked out this physical DoS with [Adam Laurie], whose RFID work we featured last year.