

No building access card? No problem if you have new Def Con tools

Jeremy Kirk | July 29, 2015

RFID card access systems are used by most companies to let people into their buildings. But over the last few years, researchers have shown how these systems can be easily bypassed.

Francis Brown, a partner at the computer security firm Bishop Fox, has been at the forefront of much of the research. In fact, he recognized some of his tools and methods being used in the TV program Mr. Robot, which has been noted for highly accurate technical detail.

Lately, he's been looking closely at breaching high- and ultra-high frequency RFID (radio-frequency identification) systems, which are increasingly being used for physical security systems.

He's due to give a presentation at this year's Def Con Hacking Conference in Las Vegas early next month with a bevy of new and improved software and hardware goodies.

"There are all sorts of areas that people aren't thinking about at all that are ripe for exploitation," he said.

Brown said his aim is to make it easier for penetration testers to show how easy it is to clone employee badges, break into buildings and plant network backdoors -- without needing an electrical engineering degree to decode the vagaries of near-field communication (NFC) and RFID systems.

A couple of years ago at the Black Hat conference, Brown showed how it was possible to "weaponize" an NFC card reader so that an access card's details could be stolen merely by passing within a few feet of a targeted person, such as in a coffee shop.

It is, however, getting harder to clone high-frequency building access cards due to defensive measures people are taking to protect their cards.

Because of that, "the next step is to attack the building," Brown said.

Now Brown has been looking into how to harvest a large number of card details by tampering with the RFID readers that grant building access. He's improved upon a previous tool he developed called the Tastic PCB (printed circuit board).

To install the Tastic PCB, the lid is popped off a building's access card reader and the board is wired in using vampire taps, Brown said. Once in place, it records the badge values of everyone who scans their cards.

He's added a Bluetooth module to the Tastic PCB. With an accompanying Bluetooth app on his mobile phone, he can command the Tastic PCB to replay the card details of the last person who entered the building, opening the door.

The attack is clever since it totally routes around some of the newer cryptographic and authentication defenses that have been put in place for high- and ultra-high frequency NFC systems, Brown said.

"Essentially, I'm bypassing all of that by breaking into the reader," he said.

 
