Are most RFID access control cards susceptable to interception? I can see the security features built into something like RFID Credit Cards.. but I'm betting this is not the case with RFID access cards.
Obviously, I can't validate this until I get a RFID reader/writer.
If this is the case then it's a global problem. Not only for accessing a building illegally-- but this is a form of stealing a users identify. A lot of companies use the backend data from the card readers to trend workers in/out time and areas accessed. blah blah blah.
Plus, I'd like to try this on my next on-site hack.
JP
PacketFocus.com
On 6/27/06, mikeiscool <
[EMAIL PROTECTED]> wrote:
On 6/27/06, Josh L. Perrymon < [EMAIL PROTECTED]> wrote:
> My post was based more on *existing* RFID implementations used for physical
> security access cards.
>
> I know that non-contact cards such as RFID Credit Cards use encryption so
> on... But are still vulnerable to non-authorized transactions.. I'm mean..
> there is no green button you push to authorize the transaction.
>
> But I just don't believe that the RFID access-card I use to access client
> premeises use any type of encryption or only communicate with specific
> readers.
>
> IF* this is the case then an attacker should have no problems powering the
> card and making a "copy" of the contents.
so what's your question then? how your card works? or how to make it secure?
> JP
> PacketFocus
>
> www.packetfocus.com
> [EMAIL PROTECTED]
-- mic
CMLRA, Mirios
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
