This past weekend Major Malfunction presented on and released his RFIDiot tools at Shmoocon. I was in attendance and had the opportunity to talk with him earlier in the weekend.
He presented his tools, all based in Python, to the audience and demonstrated a number of cloning attacks, as well as the ability to read the new UK passports. The UK passports contain all of the information needed to create a new one – including a digital version of the picture.
The challenge that he faced with the passports is that a key is required to read the RFID chip. However, he was able to obtain all of the information that was needed to brute force the required key in only a few hours, using only the information printed on the envelope.
It also seems that Major Malfunction has a keen interest in cloning of humans. Well, not so much the humans, but their implanted RFID chips. As you may be aware, I have an implanted chip, and spent some time on stage with Major to have him clone me in front of a live audience. He was successful in cloning my chip, and was able to utilize it to unlock my laptop.
Now you may be asking, “Why would Larry allow someone to clone his implanted chip?” The reasons are simple:
- The number is publicly available from the video of the implantation [view it here]. It was always intended to be public.
- The implant was done for research and education. To me, assisting in the demo was the perfect opportunity to educate about the insecurities in RFID. I’m taking the hit so you don’t have to.
- I’m encouraging people to use my implant for evil (or good). I know of some (secret) plans for my RFID chip at the Wireless Village at DEFCON 15. I’m willing to participate to help educate, and make the whole system better.
- I know the major inherent weaknesses in the system, so any project I’m using it for personally does not contain any live data (test data only). For access control purposes (such as a home, office or car), you can bet that you have to pass through one or more other security systems first! Likely, you’ll only be able to open something useless, like an empty drawer. The safe or front door, forget it.
Mike Poor shouted to me while I was walking off stage to take the cloned card that Major Malfunction retained. I thought it was humorous, but at that point my RFID implant was already compromised: on the internet, displayed on the screen at the conference, and possibly already cloned to one or more cards in Major’s possession. I’d already stepped beyond the point of no return. I’m OK with that too.
To plug Major Malfunction’s works, go check out his website. Go download and play with his tools; he also has a bunch of hardware for sale, which was actually used in his presentation.
Go forth and hack RFID, including mine.