Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF – 13.56 MHz) and Ultra-High Frequency (UHF – 840-960 MHz). This includes Near Field Communication (NFC), which also operates at 13.56 MHz and can be found in things like mobile payment technologies, e.g., Apple Pay and Google Wallet. We’ll also be releasing a slew of new and free RFID hacking tools using Arduino microcontrollers, Raspberry Pis, phone/tablet apps, and even 3D printing.

This presentation will NOT weigh you down with theoretical details or discussions of radio frequencies and modulation schemes. It WILL serve as a practical guide for penetration testers to better understand the attack tools and techniques available to them for stealing and using RFID tag information, specifically for HF and UHF systems. We will showcase the best-of-breed in hardware and software that you’ll need to build an RFID penetration toolkit. Our goal is to eliminate pervasive myths and accurately illustrate RFID risks via live attack DEMOS:

  • High Frequency / NFC – Attack Demos:
    • HF physical access control systems (e.g., iCLASS and MIFARE DESFire ‘contactless smart card’ product families)
    • Credit cards, public transit cards, passports (book), mobile payment systems (e.g., Apple Pay, Google Wallet), NFC loyalty cards (e.g., MyCoke Rewards), new hotel room keys, smart home door locks, and more
  • Ultra-High Frequency – Attack Demos:
    • Ski passes, enhanced driver’s licenses, passports (card), U.S. Permanent Resident Card (‘green card’), trusted traveler cards

Schematics and Arduino code will be released, and 100 lucky audience members will receive one of a handful of new flavors of our Tastic RFID Thief custom PCB, which they can insert into almost any commercial RFID reader to steal badge info or use as a MITM backdoor device capable of card replay attacks. New versions include extended control capabilities via Arduino add-on modules such as Bluetooth low energy (BLE) and GSM/GPRS (SMS messaging) modules.

This DEMO-rich presentation will benefit both newcomers to RFID penetration testing as well as seasoned professionals.

Partner Francis Brown and Security Analyst Shubham Shah will present at DEF CON 23RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID