RFID readers hacked

Next week at the Black Hat Briefings in Las Vegas, Fran Brown, will release the end result of his work to break into a secure facility: a modified RFID reader that can capture data from 125KHz low frequency RFID badges from up to three feet away. Previous RFID hacking tools must be within centimeters of a victim to work properly; Brown’s tool would allow an attacker or pen-tester to store the device inside a backpack and it would silently grab card data from anyone walking close enough to it.

“This is the difference between a practical and impractical attack,” said Brown, managing partner at consultancy Bishop Fox. Brown said his attack has been tested numerous times with a 100 percent success rate; he added he’s been able to train other consultants to use the tool and have them capable of doing so within 10 minutes.

An attacker can in theory capture card data, clone it onto a new card, and be able to access a physical facility. For a large company with 100,000 employees, you’re looking at at least that many replacement badges and readers, often in many countries. HID, a leading proximity-card manufacturer, admitted in a June blogpost that its legacy 125KHz cards are vulnerable, yet are still in place in 80 percent of physical access control systems despite the availability of more secure alternatives.