1、Bypassing RFID ReadersBehind Closed DoorsJulia Zduczyk$whoamiJulia ZduczykIT Security Specialist at Penetration Tester Red Teamer Horse archer,diver,caver,rock climber,hiker,gymnast tl;dr I like adrenaline rush:PDisclaimerEven though this version of slides contains additional notes that summarize to
2、pics discussed during actual live briefing,the original presentation included multiple live demos covering more topics.I encourage you to watch the recording of the session:)RFIDRadio Frequency IdentificationSource:Source:https:/Source:https:/Item trackingContactless paymentsAccess ControlRFIDOther
3、interesting use casesRoad signs tracking?Coffee filtersCard cloningSometimes it worksIn Red Teaming scenarios we must be quick and efficient.Access card cloning is easy when:the system in use is insecure employees dont employ good card handling practices e.g.they leave their cards unattended in plac
4、es accessible to unauthorized people Card cloningSometimes it does not.When an access system used in the facility is secure,e.g.employs proper encryption,it is very hard or expensive to clone access cards.In this case it is often not worth it for the attacker to try card cloning and risk being caugh
5、t in the process.Card cloningSometimes it does not.And we will not always be so lucky to find cards permanently attached to readers as in this example;)How can we bypass RFID access control systems without card cloning?Access control systems Autonomous RFID locksOpen/Close command(via wires)Tag UID(
6、via RF)Reader is the decision-making unit,storing valid cards in its memoryHow this works?Based on the Sebury reader example:New cards can be added using:Manager Add and Delete cardsHow this works?SEBURY USER MANUALNew cards can be added using:Manager Add and Delete cards“administrator setting”What