1. InfoconDB
  2. DEF CON
  3. DEF CON 23 (2015)
  4. RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID

RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID

Presented at DEF CON 23 (2015), Aug. 9, 2015, 1 p.m. (60 minutes)

Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF - 840-960 MHz). This includes Near Field Communication (NFC), which also operates at 13.56 MHz and can be found in things like mobile payment technologies, e.g., Apple Pay and Google Wallet. We'll also be releasing a slew of new and free RFID hacking tools using Arduino microcontrollers, Raspberry Pis, phone/tablet apps, and even 3D printing. This presentation will NOT weigh you down with theoretical details or discussions of radio frequencies and modulation schemes. It WILL serve as a practical guide for penetration testers to better understand the attack tools and techniques available to them for stealing and using RFID tag information, specifically for HF and UHF systems. We will showcase the best-of-breed in hardware and software that you'll need to build an RFID penetration toolkit. Our goal is to eliminate pervasive myths and accurately illustrate RFID risks via live attack DEMOS: High Frequency / NFC - Attack Demos: HF physical access control systems (e.g., iCLASS and MIFARE DESFire 'contactless smart card' product families) Credit cards, public transit cards, passports (book), mobile payment systems (e.g., Apple Pay, Google Wallet), NFC loyalty cards (e.g., MyCoke Rewards), new hotel room keys, smart home door locks, and more Ultra-High Frequency - Attack Demos: Ski passes, enhanced driver's licenses, passports (card), U.S. Permanent Resident Card ('green card'), trusted traveler cards Schematics and Arduino code will be released, and 100 lucky audience members will receive one of a handful of new flavors of our Tastic RFID Thief custom PCB, which they can insert into almost any commercial RFID reader to steal badge info or use as a MITM backdoor device capable of card replay attacks. New versions include extended control capabilities via Arduino add-on modules such as Bluetooth low energy (BLE) and GSM/GPRS (SMS messaging) modules. This DEMO-rich presentation will benefit both newcomers to RFID penetration testing as well as seasoned professionals.


Presenters:

  • Shubham Shah / Shubs - Security Analyst at Bishop Fox   as Shubham Shah
    Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 1000 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients. Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, RSA, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques. Shubham Shah is a Security Analyst at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups. Shubham's primary areas of expertise are application security assessment, source code review, and mobile application security. Shubham is a former bug bounty hunter who has submitted medium-high risk bugs to the bug bounties of large corporations such as PayPal, Facebook, and Microsoft. He regularly conducts web application security research and frequently contributes to the security of open-source projects. He has presented at Ruxcon and is known in Australia for his identification of high-profile vulnerabilities in the infrastructures of major mobile telecommunication companies. Prior to joining Bishop Fox, Shubham worked at EY. At EY, he performed web application security assessments and application penetration tests. Additionally, Shubham has been a contractor for companies such as Atlassian. As a contractor, he conducted external web application security penetration tests. Shubham also develops and maintains open-source projects such as Websec Weekly that assist the web application security industry. Twitter: @bishopfox Facebook: https://www.facebook.com/BishopFoxConsulting LinkedIn: https://www.linkedin.com/company/bishop-fox
  • Francis Brown - Partner - Bishop Fox
    Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 1000 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients. Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, RSA, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques. Shubham Shah is a Security Analyst at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups. Shubham's primary areas of expertise are application security assessment, source code review, and mobile application security. Shubham is a former bug bounty hunter who has submitted medium-high risk bugs to the bug bounties of large corporations such as PayPal, Facebook, and Microsoft. He regularly conducts web application security research and frequently contributes to the security of open-source projects. He has presented at Ruxcon and is known in Australia for his identification of high-profile vulnerabilities in the infrastructures of major mobile telecommunication companies. Prior to joining Bishop Fox, Shubham worked at EY. At EY, he performed web application security assessments and application penetration tests. Additionally, Shubham has been a contractor for companies such as Atlassian. As a contractor, he conducted external web application security penetration tests. Shubham also develops and maintains open-source projects such as Websec Weekly that assist the web application security industry. Twitter: @bishopfox Facebook: https://www.facebook.com/BishopFoxConsulting LinkedIn: https://www.linkedin.com/company/bishop-fox

Links:

Similar Presentations: