当前位置:首页 > 报告详情

幕后揭秘——绕过RFID读卡器.pdf

上传人: 竿*** 编号:981760 2025-11-29 41页 3.80MB

1、Bypassing RFID ReadersBehind Closed DoorsJulia Zduczyk$whoamiJulia ZduczykIT Security Specialist at Penetration Tester Red Teamer Horse archer,diver,caver,rock climber,hiker,gymnast tl;dr I like adrenaline rush:PDisclaimerEven though this version of slides contains additional notes that summarize to

2、pics discussed during actual live briefing,the original presentation included multiple live demos covering more topics.I encourage you to watch the recording of the session:)RFIDRadio Frequency IdentificationSource:Source:https:/Source:https:/Item trackingContactless paymentsAccess ControlRFIDOther

3、interesting use casesRoad signs tracking?Coffee filtersCard cloningSometimes it worksIn Red Teaming scenarios we must be quick and efficient.Access card cloning is easy when:the system in use is insecure employees dont employ good card handling practices e.g.they leave their cards unattended in plac

4、es accessible to unauthorized people Card cloningSometimes it does not.When an access system used in the facility is secure,e.g.employs proper encryption,it is very hard or expensive to clone access cards.In this case it is often not worth it for the attacker to try card cloning and risk being caugh

5、t in the process.Card cloningSometimes it does not.And we will not always be so lucky to find cards permanently attached to readers as in this example;)How can we bypass RFID access control systems without card cloning?Access control systems Autonomous RFID locksOpen/Close command(via wires)Tag UID(

6、via RF)Reader is the decision-making unit,storing valid cards in its memoryHow this works?Based on the Sebury reader example:New cards can be added using:Manager Add and Delete cardsHow this works?SEBURY USER MANUALNew cards can be added using:Manager Add and Delete cards“administrator setting”What

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,全文主要内容概括如下: - **RFID技术应用**:RFID技术广泛应用于物品跟踪、无接触支付、门禁控制等领域。 - **RFID安全风险**:RFID门禁系统存在被克隆卡、降级攻击、电磁脉冲攻击等安全风险。 - **攻击方法**: - **克隆卡攻击**:利用系统不安全或员工疏忽,克隆卡以获取访问权限。 - **降级攻击**:利用系统遗留设置,将加密卡数据写入非加密卡,实现访问。 - **电磁脉冲攻击**:使用电磁脉冲设备重置读卡器内存,打开锁。 - **协议攻击**:利用Wiegand协议漏洞,拦截通信并远程控制门禁。 - **拒绝服务攻击**:通过数据洪流或蓝牙漏洞使读卡器拒绝服务。 - **防御措施**: - 使用更安全的协议(如OSDP)。 - 配置正确的协议设置。 - 使用防篡改机制和日志监控。 - 保持读卡器固件更新。 - 禁用遗留凭证。 - **红队评估**:通过模拟攻击测试系统漏洞,提高安全意识。
"破解RFID,门禁不再难?" "无卡克隆,门禁系统如何防范?" "RFID门禁,红队如何攻破?"
客服
商务合作
小程序
服务号
折叠