17 thoughts on “RFID Reader Denial Of Service

  1. You can use this hack to lure out the security/tech ppl so you can access their place.
    Another fun idea is to put a (strong) transmitter behind the door that is to be opened.

  2. I’ve known about this for the last 8 years. This isn’t a hack. The reader can only intake one rfid signature at a time (at least this proximity reader used commonly for door access. More than one (crosstalk) results in it doing nothing. Remove one and it reads the other.

    This is a prank at best.

  3. Scraping the bottom of the barrel now, are we? I can’t believe the guy actually put together a whole setup to demonstrate this. The fact that RFID readers can’t detect multiple devices is a current limitation of the technology and extremely well known.

    This is like putting a piece of black tape over a barcode reader and calling it a DoS.

  4. i thought there were some systems that could cope with multiple tags in the readers range (like warehouses would use, drive a truck through the reader and know the tag of every item in it)? it might require some intelligence on the tag though (ie listening to other tags, waiting random amount of time, then sending etc)

    but wouldn’t an antenna with a strong resistor suffice to “suck the energy” out of the field produced by the reader, so there won’t be enough left to power legitimate tags? or, like when attacking ATM machines, simply add another case on top of the reader, made of lead :D

  5. This has been a well know problem with HID and most other readers for years. People run in to the same problem when they carry two badges next to each other and wonder why they can’t open a door. If he was smart he would have popped off the cover (which is not fastened in any way, not even by screws on the ProxPro II) and taped or set it inside the reader housing. This way it wouldn’t be noticed at all.

  6. Actually, most 13.56MHz RFID systems *can* read multiple tags in the field. This characteristic is probably not used in this system because:
    – It could be 125kHz (I don’t know)
    – It takes a whole lot more effort to implement
    – In an access control situation, you don’t want to open the door when there are two tags in the field and one is set to ‘deny’.

    You could also take a hammer to the reader. Same effect, less effort.

  7. hadak: sure, it’s easy: just get a fake rfid passport, get into the custom’s officer booth and tape the fake rfid passport under the officer’s passport reader. Of course you’ll get arrested, and if by miracle you manage to do this somehow, you won’t get through customs since your RFID passport will be detected as broken. Wow, what a hack! :-)

  8. Booring…This ‘hack’ happens to me most days that I travel on the London underground. The useless readers on the station gates can’t distinguish between my Oyster card and my university ID/smart card, both of which are in my wallet. The gates beep at me with error codes flashing up. Can’t be bothered to separate the cards though as it usually works on the second try.

  9. Would be cool if you could actually use the energy in the field to power/charge something. Has anyone seen buffer overflow attacks or similar for these devices? I’m guessing the signature / hash that is sent back from the tag is of a fixed length though.


  10. A good DoS on old fashion barcodes involves a UV marker and a bit of time – go to your friendly local grocer’s with your UV pen, and put a vertical slash through each of the barcodes – Invisible to the naked eye, but plenty visible to the scanners. If you want to step it up and have a multiple vector DDoS – get a few mates to help you out. :P

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.