Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
RFID security...
Posted by: istari
Date: February 20, 2009 09:49AM

OK, so I was visiting Paris a few days ago, and to my surprise I found out that since my last visit a few years before the traditional subway tickets (which had a magnetic stripe just like credit cards) had been replaced by a more modern card, called NaviGo, which has an RFID tag (built into a conector somewhat similar to those used in the old telephone cards).

This got me thinking I have never seen any comprehensive analysis of RFID tag security, so I wonder if any of you can give me some info on whitepapers / articles / whatever concerning these devices and technology... Because at first glance, I'd think it doesn't look like a terribly secure system: one may be able to read someone else's card (by just standing near him/her with an appropiate reader) and duplicate it to have ilimited subway tickets ;-)

In any case, some time ago I read that a DefCon presentation by some college students concerning subway security (I think it was in San Francisco) had been suspended due to its very sensible contents. Do you know if it had anything to do with RFID's?

Options: ReplyQuote
Re: RFID security...
Posted by: thrill
Date: February 20, 2009 10:29AM

The presentation you are thinking about was by some MIT students who had figured out the data held in the Boston metro system cards, however, the same type of cards are used in the SF Bay area by BART.

As for RFID cloning, there has been a lot of coverage all over the place. One hacking group even cloned the RFID from a passport and made themselves to be Elvis Presley, picture and all when they put it up to a passport scanning machine.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote
Re: RFID security...
Posted by: thornmaker
Date: February 20, 2009 11:15AM

3ric did a presentation a couple of weeks ago at Shmoocon on this topic: http://www.shmoocon.org/presentations-all.html#3ric
Videos should be available somewhere... perhaps not online yet

Options: ReplyQuote
Re: RFID security...
Posted by: rvdh
Date: February 21, 2009 03:42AM

istari Wrote:
-------------------------------------------------------
> OK, so I was visiting Paris a few days ago, and to
> my surprise I found out that since my last visit a
> few years before the traditional subway tickets
> (which had a magnetic stripe just like credit
> cards) had been replaced by a more modern card,
> called NaviGo, which has an RFID tag (built into a
> conector somewhat similar to those used in the old
> telephone cards).
>

Wow I was there 5 months ago and they still used magnetic stripe cards then, looks like they changed it very fast. Was it everywhere? or only in some stations? Paris metro system is pretty huge.

Options: ReplyQuote
Re: RFID security...
Posted by: istari
Date: February 23, 2009 11:29AM

@thrill & thornmaker - Thanks for the info! I'll start sniffing around to see what I can find out... should be fun ;-)

@rvdh - Yes, Paris' metro system is just huge! This was in place in all the urban subway stations (and some RER ones too). You could still use the old magnetic tickets (or buy them individually), but they wouldn't sell the weekly, monthly or anual ticket unless you had the NaviGo card. In any case, I can't imagine how hard it must be to globally change something as they did with this (and I must say that it worked flawlessly for me once I had my card)...

All this makes me wonder how much time they have until someone starts selling portable card cloners on eBay... I wouldn't be too optimistic if I were the RATP guys :-P

Options: ReplyQuote


Sorry, only registered users may post in this forum.