DEF CON 23 (2015) - RFIDiggity - Pentester Guide to Hacking HF/NFC and UHF RFID - 09Aug2015

  32,214 views

Bishop Fox

09 August 2015 - DEF CON 23 (2015)
Fran Brown & Shubham Shah - Bishop Fox
www.bishopfox.com/resources/to...
www.defcon.org/html/defcon-23...
Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF - 840-960 MHz). This includes Near Field Communication (NFC), which also operates at 13.56 MHz and can be found in things like mobile payment technologies, e.g., Apple Pay and Google Wallet. We’ll also be releasing a slew of new and free RFID hacking tools using Arduino microcontrollers, Raspberry Pis, phone/tablet apps, and even 3D printing.
This presentation will NOT weigh you down with theoretical details or discussions of radio frequencies and modulation schemes. It WILL serve as a practical guide for penetration testers to better understand the attack tools and techniques available to them for stealing and using RFID tag information, specifically for HF and UHF systems. We will showcase the best-of-breed in hardware and software that you’ll need to build an RFID penetration toolkit. Our goal is to eliminate pervasive myths and accurately illustrate RFID risks via live attack DEMOS:
o High Frequency / NFC - Attack Demos:
  - HF physical access control systems (e.g., iCLASS and MIFARE DESFire “contactless smart card” product families)
  - Credit cards, public transit cards, passports (book), mobile payment systems (e.g., Apple Pay, Google Wallet), NFC loyalty cards (e.g., MyCoke Rewards), new hotel room keys, smart home door locks, and more
o Ultra-High Frequency - Attack Demos:
  - Ski passes, enhanced driver’s licenses, passports (card), U.S. Permanent Resident Card (“green card”), trusted traveler cards
Schematics and Arduino code will be released, and 100 lucky audience members will receive one of a handful of new flavors of our Tastic RFID Thief custom PCB, which they can insert into almost any commercial RFID reader to steal badge info or use as a MITM backdoor device capable of card replay attacks. New versions include extended control capabilities via Arduino add-on modules such as Bluetooth low energy (BLE) and GSM/GPRS (SMS messaging) modules.
This DEMO-rich presentation will benefit both newcomers to RFID penetration testing as well as seasoned professionals.
DISCLAIMER: This video is intended for pentesting training purposes only.

COMMENTS: 15
@shaneellington7991 8 years ago
This was a damn good presentation of old and new tech.
@stevenjames8272 8 years ago
The presentation slides don't seem to be on the BishopFox website yet?
@gatakamsky9998 4 years ago
Interesting talk by Michael Madsen.
@InToCraft 8 years ago
When do the slides get released?
@TheDeeske 6 years ago
Usable to this day...???
@Echelon513 5 years ago
I wonder how many people saw this guy and thought they spotted the fed... lol
@nicolek4076 8 years ago
What was the film he showed excerpts from?
@BrianDixonFTM 8 years ago
+Nicole K Mr. Robot.
@TheDeeske 6 years ago
Does anybody know if this stuff is still usable to this day, and if this can record credit card info...???
@michelleatkinson4940 5 years ago
I know this comment is old but I would like to know this too, did you ever find out?
@juliusgodinez1987 8 years ago
I just wanna get into my computer lab after hours...I go to school for computer animation would be nice to render on 10 machines when no one is around
@IAmTeppup 8 years ago
Good presentation but he is really hard to listen to. He's a bad speaker.
@nicolek4076 8 years ago
+teppup the cynic He seems intensely hung-over.
@ciscotophat 8 years ago
Good info - terrible speaker.
@andremoreau8390 6 years ago
802Tophat InfoSec Conference speakers in a nutshell.