RFID is dead; long live RFID!

Presented at CarolinaCon 13 (2017), May 19, 2017, 8:15 p.m. (60 minutes)

In many cases, building access badges have gone the way of "keep it secret; keep it safe", similar to how physical locks were shrouded for many years. Just as with physical locks, this does nothing to effectively control risk for an organization. For the suits - In order to perform proper tests of design and effectiveness (i.e. a risk assessment), the technologies in use must be understood if an accurate threat model is to be created. For the breakers - This talk will provide an overview of existing tech and attack methods that have proven to be highly-effective in good, old-fashioned B&E of an environment using RFID-based authentication entry controls. Including demonstrations for both design flaws and compromise models, this talk will explore the technologies behind RFID-based access, common implementation issues, and methods to clone and/or replay virtually all RFID cards in current use to gain unauthorized access to a badge-controlled facility.

Presenters:

• smrk3r
  smrk3r is an intern for the FALE Association of Locksport Enthusiasts. Supposedly he does red-teaming too and is very technical in the industry.

Links:

• https://infocon.org/cons/CarolinaCon/CarolinaCon 13 2017/smrk3r - RFID is dead long live RFID.mp4
• https://infocon.org/cons/CarolinaCon/CarolinaCon 13 2017/smrk3r - RFID is dead long live RFID.srt (subtitles)
• https://www.youtube.com/watch?v=8txUoit3Lgo

Similar Presentations:

• BSidesSF 2019 / RFID Hacking Workshop
• DEF CON 21 (2013) / RFID Hacking: Live Free or RFID Hard
• Black Hat USA 2013 / RFID Hacking: Live Free or RFID Hard