No building access control card? No problem if you have new tools

Posted by Cameron Schwab on February 25th, 2019

RFID card access systems are used by most companies to let people into their premises. But over the past couple of years, researchers have shown how these systems can be easily bypassed.

Francis Brown, a partner at the computer security firm Bishop Fox, has recently been at the forefront of much of the research. In fact, he recognized some of his tools and methods being used in the television show Mr. Robot, which is noted for its highly accurate technical detail.

Recently, he's been looking closely at breaching high- and ultra-high frequency RFID (radio-frequency identification) systems, which are increasingly being used for physical security systems.

He's due to give a presentation at this year's Def Con Hacking Conference in Las Vegas early next month with a bevy of new and improved software and hardware goodies.

"There are all kinds of areas that folks aren't considering at all that are ripe for exploitation," he said.

Brown said his aim is to make it easier for penetration testers to show how easy it is to clone employee badges, break into buildings and plant network backdoors, without needing an electrical engineering degree to decode the vagaries of near-field communication (NFC) and RFID systems.

A few years ago at the Black Hat conference, Brown showed how it was possible to "weaponize" an NFC card reader so that an access card's details could be stolen merely by moving within a few feet of a targeted person, such as in a restaurant.

It is, however, getting harder to clone high-frequency building access cards due to defensive measures people take to protect their cards.

For that reason, "the next step is to attack the building," Brown said.

Now Brown has been looking into how to harvest a large number of card details by tampering with the RFID readers that grant building access. He has improved on a prior tool he developed called the Tastic PCB (printed circuit board).

To mount the Tastic PCB, the lid is popped off a building's access card reader and the board is wired in using vampire taps, Brown said. Once in place, it records the badge values of everybody who swipes their cards.

He's added a Bluetooth module to the Tastic PCB. With an accompanying Bluetooth app on his mobile phone, he can command the Tastic PCB to replay the details of the last person who entered the building, opening the door.

The attack is clever since it totally routes around some of the more recent cryptographic and authentication defenses that may have been put in place for high- and ultra-high frequency NFC systems, Brown said.

"Essentially, I am just bypassing all that by breaking into the reader," he said.

Once inside a building, an attacker must plant a backdoor to be able to harvest network data. There are a number of ways to do this.

For instance, in an episode of Mr. Robot, an intruder removes a panel from a climate control system and wires in a Raspberry Pi. It's a bit of a fiddly job, though: He has to remove a panel from the climate control system, snip an Ethernet cable and wire in the mini-computer.

A company called Pwnie Express had an easier solution. It made a tool that looks like a power strip but on the inside contains a Raspberry Pi including a penetration testing toolkit. The device, however, cost US, 000 and has since been discontinued.

At Def Con, Brown said he will push out a 3-D printable file that will let penetration testers print out their own high-quality shell of a power strip custom-made to hold a Raspberry Pi. The design will be released here after Brown's presentation on Aug. 9.

The cost of printing the power strip is about , and a Raspberry Pi costs just , considerably bringing down the expense of a very sneaky tool. It's a persistent backdoor that just needs to be plugged into a network port.

"Once I physically break into a building, I leave it behind somewhere like an empty cube or an empty conference room plugged into their internal network," Brown said. "It looks like something completely harmless."

Bishop Fox has a web page with the full range of RFID cracking tools and software it has developed over the years.