Hackers Could Clone Your Entry Card from Your Pocket

Status
Not open for further replies.

KelvinTy

Distinguished
Aug 17, 2011
33
0
18,580
We probably all see it coming, but never bothered to think about it...
I, for one, have 5 of them in my wallet, they interfere each other constantly, and I have to pull one of them out to make it work. So, I am not sure if it still poses a security threat.
 

Lord_Kitty

Honorable
May 31, 2013
1
0
10,510
We probably all see it coming, but never bothered to think about it...
I, for one, have 5 of them in my wallet, they interfere each other constantly, and I have to pull one of them out to make it work. So, I am not sure if it still poses a security threat.


I think you just found the solution to the problem.
 

rodbowler

Distinguished
Aug 16, 2011
6
0
18,510
Passive RFID's can indeed be encrypted, and in fact all of mine are. As to the strength of the encryption, that's another story.
 

rclarke250

Distinguished
Jun 12, 2010
1
0
18,510
I fail to see how this is even news, this was a known threat years ago, how do you think they can steal your bank card and credit card information by passing you on the street. Same technology. People and companies need to be smart, get badge holders and credit card sleeves from places like Identity Stronghold.
 

_Cosmin_

Distinguished
Jan 19, 2006
57
0
18,590
This is the first step in expanding it`s range... then these readers will be linked to security cameras and big brother knows every move you make!
 
Why doesn't RFID die already? Is it really that difficult to swipe a card? A magnetic strip is secure. I use magnetic strip cards to pay for stuff all the time. I fail to see how it is so inconvenient to swipe instead of wave. You still have to manipulate the card near the reader in either case.
 

Honis

Distinguished
Mar 16, 2009
383
0
18,930
Passive RFID cards run off the readers power (the reader transmits a signal and the card broadcasts using that power similar to the wireless charging that's become popular lately.) It's not really a surprise that the distance factor was overcome. Before this was overcome, it was just a matter of concealing a reading antenna in a glove, briefcase, purse, etc and standing in a crowded place making sure to brush past other brief cases, purses, and hindquarters.
 
Think you mean Faraday cage. And yeah, that's a solution. Not a perfect one though - how many people are going to ignore it and just keep the card separate.

RSA in RFID tags FTW. Have it broadcast the public key and sign a piece of random data sent to it.
 

InvalidError

Distinguished
Moderator
RFID devices that hold important / private information need to use RFID micro-controllers with secure authentication; not mere RFID data tags.

Example of secure system:
1- security checkpoint detects a tag and sends a 1KB one-time pad to it
2- RFID micro-controller encrypts the one-time pad with AES128 using its private key and returns a SHA1 hash with its account number or other ID
3- security checkpoint device sends the pad, account ID and hash to authentication servers
4- authentication servers verify that the returned hash is valid for that account's key and authorize/deny access accordingly
 

kujospam

Distinguished
May 10, 2011
3
0
18,510
All you need to do is make an RFID passive key fob. So it does a calculation that changes every 30 seconds. So the Reader sends power and a time stamp and then the RFID chip sends back the code. The code would only be good for 30 seconds or whatever. Just like they use for VPN authentication. The difference being you don't have to type in that stupid number back into the computer. RFID does it for you.
 

ddpruitt

Honorable
Jun 4, 2012
226
0
10,860
Brown said his device has a 100 percent success rate.

I question anyone claiming 100% success rate. Even a well tested design will glitch and fail occasionally. While this is old news my guess is whatever he's claiming is more than just a bit sketchy.
 
Status
Not open for further replies.