通用射频按键(八)
0赞
发表于 6/1/2011 11:00:17 PM
阅读(15803)
Step 9Further steps
This was a 'to prove I could do it' project - I have completed it, so it now sits on my shelf at work to remind others that simple RFID systems are simply not secure.
You are welcome to adapt the project however you would like to, and while you may have the skeleton keys to the kingdom, you still need the little numbers on the back of the access card before you can use the key yourself.
I have considered modifying my card so that it works as all of the compatible RFID tags that I hold. In my job, I need have access to multiple work sites, and it would be great to use the one card, but I don't think that would be a great idea..........
Will this work on all RFID sytems?
No it won't. This is a good thing.
The first RFID systems deployed years ago used very simple protocols, based on the intelligence of the chip in the card - They also used a low frequency (125kHz) carrier.
More modern systems use a number of techniques to ensure security, such as one time codes; cryptography; use bi-directional communication; use internal passwords, and use much higher frequencies. So spoofing these systems is a lot more work.
But there are a large number of low tech systems in place now.
What can I do to protect my system?
Firstly, don't equate cards to physical keys - in simple systems they are not equivalent.
Don't give out visitor cards - They are easily duplicated - I f you do need Visitor cards, then implement a system where they are only active when they have been issued.
Enable Pass Back systems - If the card system believes you are in a particular room, make sure that the card can't be used in other rooms at the same time.
Remove the numbers from the back of the cards - while they may make it easier to enter card details, but they also make it easy for somebody to use the details for their own purposes.
Finally, look at how to upgrade your access system to a card system that is not trivially spoofed using $15 worth of parts. And - No, purchasing a new system from eBay for $15 is not the answer....
You are welcome to adapt the project however you would like to, and while you may have the skeleton keys to the kingdom, you still need the little numbers on the back of the access card before you can use the key yourself.
I have considered modifying my card so that it works as all of the compatible RFID tags that I hold. In my job, I need have access to multiple work sites, and it would be great to use the one card, but I don't think that would be a great idea..........
Will this work on all RFID sytems?
No it won't. This is a good thing.
The first RFID systems deployed years ago used very simple protocols, based on the intelligence of the chip in the card - They also used a low frequency (125kHz) carrier.
More modern systems use a number of techniques to ensure security, such as one time codes; cryptography; use bi-directional communication; use internal passwords, and use much higher frequencies. So spoofing these systems is a lot more work.
But there are a large number of low tech systems in place now.
What can I do to protect my system?
Firstly, don't equate cards to physical keys - in simple systems they are not equivalent.
Don't give out visitor cards - They are easily duplicated - I f you do need Visitor cards, then implement a system where they are only active when they have been issued.
Enable Pass Back systems - If the card system believes you are in a particular room, make sure that the card can't be used in other rooms at the same time.
Remove the numbers from the back of the cards - while they may make it easier to enter card details, but they also make it easy for somebody to use the details for their own purposes.
Finally, look at how to upgrade your access system to a card system that is not trivially spoofed using $15 worth of parts. And - No, purchasing a new system from eBay for $15 is not the answer....
