Subject: Re: VeriChip hack? (Sorry if this posts twice) - msg#00089
On 26-Jul-06, at 6:39 PM, Michael Krymson wrote:
> A commenter on a news link I read today said that the presenters only
> demonstrated grabbing the unique ID off the RFID. Unfortunately, the
> rest of the data is supposedly more encrypted and it is not a concern to
> leak the unique ID itself. I cannot attest to this firsthand, but
> perhaps someone here can.
Only the unique ID is stored on the RFID; the rest of the data is
stored in a database.
The presentation was about the fact that the VeriChip company that
implants RFID in humans is using a system that has no security at all
(even if they say it's secure).
The demo Jonathan did was a demo of the reader/spoofer device he
made; he basically read Annalee's implanted RFID and spoofed it back
to the VeriChip reader.
Here is a quote from Verichip website:
"With VeriChip's patented, FDA-cleared, human-implantable RFID
microchip technology, access control has achieved a new level of
protection never offered before. Now, organizations can protect
entire buildings, floors, or designated areas with the highest level
of security available today, and easily incorporate this into
existing building control systems. Additionally, staff, visitors, and
even assets can be tracked within the facility in real-time."
OK, now, if I told you that the highest level of security available today
is the same technology that is used to tag pets?
Personally, if I was implanting myself with a chip with the intention
to open my door or use it as a credit card, I wouldn't want to hear I
got to change my chip every year for a security update... Apparently
the removal can be a mess...
If you want to check more about RFID and Verichip:
Annalee Newitz Wired article: http://www.wired.com/wired/archive/14.05/rfid_pr.html
Jonathan Westhues website: http://cq.cx/prox.pl
Last year's REcon presentation / video about RFID proximity cards:
http://2005.recon.cx/recon2005/papers/Jonathan_Westhues/
Hugo
> Either way, there are three truths to this new technology:
> - It will happen. That's just the way technology is...not everything
> gets turned away like e-voting (sort of)
> - It will be insecure and will cause problems...but then again, do fake
> IDs, passports, etc.
> - It will be the next big thing since virtualization steam-rolled into
> the industry
>
>
>
> Nick Selby wrote:
> > Anyone see the demo on the verichip hack at hope? Anyone have any
> > opinion on
> > the demo, like, was it successful :) ? Apologies again if this posts
> > twice.
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave@xxxxxxxxxxxxxxxxxxxxx
> > http://lists.immunitysec.com/mailman/listinfo/dailydave
Thread at a glance:
Previous Message by Date:
Re: VeriChip hack? (Sorry if this posts twice)
I saw the HOPE presentation myself. I was under the impression that nothing on
the VeriChip was encrypted. Also they were able to read the unique ID off the
chip through the skin, then replay it to the VeriChip reader and have it
accepted as valid. So basically they could brush up against you in an elevator,
then go to the RFID reader at a secure location and replay it back as if you
scanned your implanted RFID chip.
Very cool and possibly a sign of things to come. Hopefully a wake up call to
RFID chip makers.
On Wed, Jul 26, 2006 at 05:35:24PM -0700, Shawn Fitzgerald wrote:
> I don't know anything about this specific hack but a lot of the RFID
> attacks that have been surfacing are not very interesting and/or new.
> They generally have to do with how the RFID is used rather than some
> problem with the tech itself. For example if some system implements a
> key by just broadcasting a code, well that's just stupid and it can be
> sniffed. If the system is using some sort of challenge response,
> that's different.
>
> That being said some of the older protocol attacks such as relay
> attacks (i.e. grand-master chess problem) are VERY relevant for the
> typical RFID system. Also it still is not clear if RFID is less
> vulnerable to your typical side channel attack (e.g. DPA/SPA type).
>
> Bottom line is that one can look at the design and determine if the
> RFID is vulnerable to the typical attacks being published.
>
> Cheers, Shawn
>
>
>
> On Jul 26, 2006, at 10:47 AM, Nick Selby wrote:
>
> > Anyone see the demo on the verichip hack at hope? Anyone have any
> > opinion on the demo, like, was it successful :) ? Apologies again
> > if this posts twice.
--
Nick DePetrillo
Network Security Engineer
OSHEAN
Office: (401) 295-0550 Ext. 5
E-Mail/Jabber XMPP: nick@xxxxxxxxxx
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x121245B5
PGP Fingerprint: 27AF 66D3 2CB7 68F5 B326 65F6 DE11 0183 1212 45B5
Next Message by Date:
Re: VeriChip hack? (Sorry if this posts twice)
Is anyone else just a little wary of "implantable microchips"? I'm
into technology and all, but that smells funny...
Josh L. Perrymon wrote:
I also have concerns with the RFID push. I have been contacting most
of the companies pushing the technology like EPC and their response is
"First we must get the technology in the market, then we can worry
about security".
Good approach. I thought this was learned in the SDLC. So what we are left
with is a gap until about 2008 before Gen3 tags are rolled out.
We already have issues with session replay, signal jamming, altering
data content, zapping tags, RFID malware, RFID SQL injection, so on.
A lot of work is being done with encryption, challenge-response,
one-way hashing, so on.. but these leave the tags open to location
attacks. Basically, if a one-way hash is used then the tag will
respond with the same ID- this could be used to locate the tag.
Same thing for IFF used by the air-force back in the days. They put
the transponders to ID the planes.. then the opposition picked up on
this and could then ID the planes as well. Lessons learned?
My thoughts are on the ability to detect rogue devices and tags to
minimize risk until these concerns are covered in something like Gen3.
Cheers,
Joshua Perrymon
PacketFocus.com
On 7/27/06, Michael Krymson <krymson@xxxxxxxxx> wrote:
A commenter on a news link I read today said that the presenters only
demonstrated grabbing the unique ID off the RFID. Unfortunately, the
rest of the data is supposedly more encrypted and it is not a concern to
leak the unique ID itself. I cannot attest to this firsthand, but
perhaps someone here can.
Either way, there are three truths to this new technology:
- It will happen. That's just the way technology is...not everything
gets turned away like e-voting (sort of)
- It will be insecure and will cause problems...but then again, do fake
IDs, passports, etc.
- It will be the next big thing since virtualization steam-rolled into
the industry
Nick Selby wrote:
Anyone see the demo on the verichip hack at hope? Anyone have any
opinion on
the demo, like, was it successful :) ? Apologies again if this posts
twice.
Previous Message by Thread:
Re: VeriChip hack?
Josh wrote:
> I also have concerns with the RFID push. I have been contacting most of the
> companies pushing the technology like EPC and their response is "First we must
> get the technology in the market, then we can worry about security".
Josh, I'm sure you've seen this many times before and will see it many times
again, this is just the way these industries tend to think. I was at the
Embedded World Conference earlier this year, and attended the "Security and
Cryptography" track. And most of the speakers were from vendor companies, so I
asked them specifically what was it in their product that enhanced security?
Every single one (apart from one - who talked about MILS - Multiple Independent
Levels of Security) said that they leave the security to be dealt with at the
network level. At the end of the Conference I felt that I had confirmed to
myself that those "lovely ideas" of security in depth, onion layer approach,
multiple levels of security, etc. were just for security people.
Just to add an even worse stance to this (if that's possible), the products
(represented in the Exhibition by those and many other vendors) will be those
same products (as embedded software or hardware) which will go into making so
many other appliances. Which in the long run will provide an untold number of
vulnerabilities to exploit.
Only security people are interested in security. Vendors just want to sell
products. Shame but true.
Cheers
Sarb Sembhi
Next Message by Thread:
Re: VeriChip hack? (Sorry if this posts twice)
I don't know anything about this specific hack but a lot of the RFID
attacks that have been surfacing are not very interesting and/or new.
They generally have to do with how the RFID is used rather than some
problem with the tech itself. For example if some system implements a
key by just broadcasting a code, well that's just stupid and it can be
sniffed. If the system is using some sort of challenge response,
that's different.
That being said some of the older protocol attacks such as relay
attacks (i.e. grand-master chess problem) are VERY relevant for the
typical RFID system. Also it still is not clear if RFID is less
vulnerable to your typical side channel attack (e.g. DPA/SPA type).
Bottom line is that one can look at the design and determine if the
RFID is vulnerable to the typical attacks being published.
Cheers, Shawn
On Jul 26, 2006, at 10:47 AM, Nick Selby wrote:
> Anyone see the demo on the verichip hack at hope? Anyone have any
> opinion on the demo, like, was it successful :) ? Apologies again
> if this posts twice.
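The distinction drawn in the message above, between a system that just broadcasts a code and one that uses challenge-response, shown as an added Python simulation that is not part of the original thread. The class names, the sample ID and the HMAC-SHA256 construction are assumptions for illustration, not VeriChip's or any vendor's protocol.

```python
import hashlib
import hmac
import secrets

TAG_ID = bytes.fromhex("00a1b2c3d4e5f607")   # constructed sample ID
TAG_KEY = secrets.token_bytes(16)            # per-tag secret (assumed provisioning)

class StaticIdReader:
    """Accepts any transmission equal to an enrolled ID."""
    def __init__(self, enrolled):
        self.enrolled = set(enrolled)

    def verify(self, transmission):
        return transmission in self.enrolled

class ChallengeResponseReader:
    """Issues a fresh nonce and expects HMAC-SHA256(key, nonce) back."""
    def __init__(self, keys):
        self.keys = dict(keys)               # tag ID -> shared key
        self.pending = None

    def challenge(self):
        self.pending = secrets.token_bytes(16)
        return self.pending

    def verify(self, tag_id, response):
        nonce, self.pending = self.pending, None   # each nonce is single-use
        key = self.keys.get(tag_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def tag_respond(key, nonce):
    """What a keyed tag would compute for a reader's challenge."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def replay_outcomes():
    """Return (static_replay_accepted, cr_fresh_accepted, cr_replay_accepted)."""
    static = StaticIdReader([TAG_ID])
    overheard_id = TAG_ID                    # the fixed value sent on every read
    cr = ChallengeResponseReader({TAG_ID: TAG_KEY})
    overheard_resp = tag_respond(TAG_KEY, cr.challenge())
    fresh_ok = cr.verify(TAG_ID, overheard_resp)      # genuine session
    cr.challenge()                                    # reader starts a new session
    replay_ok = cr.verify(TAG_ID, overheard_resp)     # old response, new nonce
    return static.verify(overheard_id), fresh_ok, replay_ok
```

A fresh nonce defeats replay of a recorded response, but it does not by itself address the live relay attacks the same message calls relevant, since a relay forwards the current challenge to the genuine tag.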