Feds at DefCon Alarmed After RFIDs Scanned

[Cereb Daithi]

LAS VEGAS — It’s one of the most hostile hacker environments in the country –- the DefCon hacker conference held every summer in Las Vegas.

But despite the fact that attendees know they should take precautions to protect their data, federal agents at the conference got a scare on Friday when they were told they might have been caught in the sights of an RFID reader.

The reader, connected to a web camera, sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks as they passed a table where the equipment was stationed in full view.

Would you like to know more?

[complacent]

I'm sure it's very unnerving to be shown just how retarded you are.

I can only hope that the training and the caliber of recruits increase significantly. Otherwise... we're ed.

[ElZorro]

Yea, this was talked about a bunch at the show and right after... it was especially compounded by Blackhat - their badges included an RFID card with all of their information (full name, etc). So if you were wearing your Blackhat badge at DEFCON you were snagged, if you had an RFID-enabled credit card you were snagged...

But the bigger issue to me is the camera. DEFCON has a 'no pictures without permission' policy which the violated. There were tons of cameras around, and almost no one was asking permission before clicking away. One guy I saw was taking pictures of the CTF teams. He was pointed out to the Goons and they had a little chat with him.

[complacent]

Yea, this was talked about a bunch at the show and right after... it was especially compounded by Blackhat - their badges included an RFID card with all of their information (full name, etc). So if you were wearing your Blackhat badge at DEFCON you were snagged, if you had an RFID-enabled credit card you were snagged...

But the bigger issue to me is the camera. DEFCON has a 'no pictures without permission' policy which the violated. There were tons of cameras around, and almost no one was asking permission before clicking away. One guy I saw was taking pictures of the CTF teams. He was pointed out to the Goons and they had a little chat with him.

While I agree about the camera stuff, the sheep's head idea made me laugh a bit.

But yea, cameras are verboten at cons. Taking pics is bad juju.

[zaxrex]

Paget announced during his DefCon talk that his security consulting company, H4rdw4re, will be releasing a $50 kit at the end of August that will make reading 125-kHz RFID chips — the kind embedded in employee access cards — trivial. It will include open source software for reading, storing and re-transmitting card data and will also include a software tool to decode the RFID encryption used in car keys for Toyota, BMW and Lexus models. This would allow an attacker to scan an unsuspecting car-owner’s key, decrypt the data and open the car. He told Threat Level they’re aiming to achieve a reading range of 12 to 18 inches with the kit.

Hmmm, a quick little stroll by a valet parking booth might be very entertaining. Get a few scans and run around the parking lot and see what opens.

[Sabre]

Scary part is, that range can be easily extended to a few meters... past that though, things start to get really tricky.

BTW, serves the Feds right!

[ElZorro]

Scary part is, that range can be easily extended to a few meters... past that though, things start to get really tricky.

Depends, is it an E-field or an H-field RFID? Active or passive? What frequency range?