It is really hard to find good information online about proximity cards. I’m sure some companies consider this obscurity a form of security, but Jonathan Westhues demonstrates how severely flawed that notion is. He found a data sheet mentioning a 125 kHz carrier frequency and was off and running from there, eventually building a device that can read and repeat a proximity card’s data. It’s been argued that RFID technology is safe because of the short read distance. Jon actually found it easier to passively read cards that were being energized by a legitimate reader than cards energized by his device alone. Make sure you check out his home-built PCB mill while you’re at the site.
[Thanks barbobot]
Wow
Nice. Here, in Warsaw, we use proximity cards (MIFARE kind) to enter the subway station and as bus tickets. Let’s hope I won’t get into trouble reading other people’s tickets :)
Sophomore? students at Olin College (www.olin.edu) made a similar contraption. They built their own USB reader and also built a handheld spoofer. I got to see it when I visited. It was an interesting project, as the entire school’s physical security is based on these cards, and the students, as a school-sanctioned project, broke it.
Gotta love the Google ads for RFID tag printers in an article talking about the insecurities of RFID. Classic.
I think the ski areas around the world (the richer ones use proximity cards) are going to love this ;)
…but think of the possibilities: free entry to public transportation, schools and ski resorts. Also coming soon: amusement parks. Yay for proximity card spoofing.
Perimeter security breached ;)
For those interested, Jonathan will give a presentation on his proximity card reader/simulator at the REcon conference (www.recon.cx, Montreal, 17-19 June 2005).
Where can I buy one? I have a legitimate use for one at work.
HI