[NetBehaviour] The RFID Hacking Underground.
marc.garrett at furtherfield.org
Thu May 25 18:55:23 CEST 2006
The RFID Hacking Underground.
They can steal your smartcard, lift your passport, jack your car, even
clone the chip in your arm. And you won't feel a thing. 5 tales from the
By Annalee Newitz (Wired).
James Van Bokkelen is about to be robbed. A wealthy software
entrepreneur, Van Bokkelen will be the latest victim of some punk with a
laptop. But this won't be an email scam or bank account hack. A skinny
23-year-old named Jonathan Westhues plans to use a cheap, homemade USB
device to swipe the office key out of Van Bokkelen's back pocket.
"I just need to bump into James and get my hand within a few inches of
him," Westhues says. We're shivering in the early spring air outside the
offices of Sandstorm, the Internet security company Van Bokkelen runs
north of Boston. As Van Bokkelen approaches from the parking lot,
Westhues brushes past him. A coil of copper wire flashes briefly in
Westhues' palm, then disappears.
Van Bokkelen enters the building, and Westhues returns to me. "Let's see
if I've got his keys," he says, meaning the signal from Van Bokkelen's
smartcard badge. The card contains an RFID sensor chip, which emits a
short burst of radio waves when activated by the reader next to
Sandstorm's door. If the signal translates into an authorized ID number,
the door unlocks.
The coil in Westhues' hand is the antenna for the wallet-sized device he
calls a cloner, which is currently shoved up his sleeve. The cloner can
elicit, record, and mimic signals from smartcard RFID chips. Westhues
takes out the device and, using a USB cable, connects it to his laptop
and downloads the data from Van Bokkelen's card for processing. Then,
satisfied that he has retrieved the code, Westhues switches the cloner
from Record mode to Emit. We head to the locked door.
"Want me to let you in?" Westhues asks. I nod.
He waves the cloner's antenna in front of a black box attached to the
wall. The single red LED blinks green. The lock clicks. We walk in and
find Van Bokkelen waiting.
"See? I just broke into your office!" Westhues says gleefully. "It's so
simple." Van Bokkelen, who arranged the robbery "just to see how it
works," stares at the antenna in Westhues' hand. He knows that Westhues
could have performed his wireless pickpocket maneuver and then returned
with the cloner after hours. Westhues could have walked off with tens of
thousands of dollars' worth of computer equipment - and possibly source
code worth even more. Van Bokkelen mutters, "I always thought this might
be a lousy security system."
More information about the NetBehaviour