[Mr.Pantz] pointed us to a web page  we thought you would find interesting. It deals with hacking PC lock using a Universal Software Radio Peripheral (USRP) . Following the good practice of logging off or locking your workstation while your not at it, it is darn hard to get users to actually do it. These little gadgets are a 2 piece setup one being a usb dongle, and the other being a badge like device. If the badge is turned off or is a distance greater than ~30 feet, the signal is lost and the pc is locked.

From there all you really need to do is figure out what frequency the 2 are running at and what codes are flying around the air. Some careful eyeballing suggests that this operates in the 434MHz region much like remote lock dongles for your car, and once the device is apart some research of 2 of the IC’s on board confirms it. Using the GNU Radio spectrum analyzer a signal is quickly captured, dumped, and a script is created to send the signal back out, provided you have the correct hardware to do so.

When we first saw [Chris Paget]‘s cloning video, our reaction was pretty ‘meh’. We’d seen RFID cloning before and the Mifare crack was probably the last time RFID was actually interesting. His ShmooCon presentation, embedded above, caught us completely off-guard. It’s very informative; we highly recommend it.

The hardest part about selling this talk is that it has to use two overloaded words: ‘RFID’ and ‘passport’. The Passport Card, which is part the the Western Hemisphere Travel Initiative (WHTI), is not like the passport book that you’re familiar with. It has the form factor of a driver’s license and can only be used for land and sea travel between the USA, Canada, the Caribbean region, Bermuda, and Mexico. They’ve only started issuing them this year.

Read the rest of this entry »