RFID is dead; long live RFID!

Presented at CarolinaCon 13 (2017), May 19, 2017, 8:15 p.m. (60 minutes).

In many cases, building access badges have gone the way of "keep it secret; keep it safe", similar to how physical locks were shrouded for many years. Just as with physical locks, this does nothing to effectively control risk for an organization. For the suits: in order to perform proper tests of design and effectiveness (i.e., a risk assessment), the technologies in use must be understood if an accurate threat model is to be created. For the breakers: this talk will provide an overview of existing tech and attack methods that have proven to be highly effective in good, old-fashioned B&E of an environment using RFID-based authentication entry controls. Including demonstrations of both design flaws and compromise models, this talk will explore the technologies behind RFID-based access, common implementation issues, and methods to clone and/or replay virtually all RFID cards in current use to gain unauthorized access to a badge-controlled facility.

Presenters:

  • smrk3r
    smrk3r is an intern for the FALE Association of Locksport Enthusiasts. Supposedly he does red-teaming too and is very technical in the industry.
