It
has been possible for a while to read the card data and retransmit this, but
this was again limited to a small number of experts with very specific
knowledge about the card technologies. For those applications where the
security level had to be higher, encrypted cards have normally been specified.
With
the success of the Internet, information sharing has totally changed. Protocols
and details are available on line to any one, which already makes it easier for
hackers to access.
There
are a few hacker organisations we are aware of and they publish details on how
to hack the HID IClass, Mifare and many other types. This was still more of a
development community and not easy to do for non experts.
This
has changed and now you can buy ready made equipment which can read the CSN of
Mifare, FeliCa, HID and others. The data can then be easily retransmitted. This
equipment can be bought ready made on line by anyone.
With
the equipment you can easily read someone's card unnoticed (for example, in a
lift) and then walk over to any door and retransmit to gain access.
The
trend in using just the CSN can cause big embarrassment for large corporate
companies, if security was breached this way and was released in the public
domain.
Security
levels of cards and readers are becoming increasingly important because of the
above statement.
An
example of an encrypted Mifare card hacked is on YouTube. http://m.youtube.com/watch?v=Y8VVKnUdECgThere are a few
examples on the Internet of this.
“FeliCa”
has not been known to have been hacked and would be outside the scope of most
people ability, if this was ever achievable due to the high levels of
encryption."
Robert De'Antiquis
No comments:
Post a Comment