Andrew Quesenberry

8. October 2012
Dr. Ektare
Computer Security
R!D "a#s in t$e %aker Re&o'ution
"$is is a practica' discussion about R!D ta#s and t$eir re'a&ence and security in t$e time
period t$at ! 'ike to ca'' t$e %aker Re&o'ution( or t$e Se')*%anu)acturin# re&o'ution. Due to t$e
wonders o) t$e internet( it is e+treme'y simp'e to #et a $o'd o) basic e'ectronic and circuitry ski''s
re,uired to bui'd sma'' e'ectronics( )rom tweetin# $ow muc$ power usa#e your $ouse $as( to keepin#
your pets )rom )eedin# out o) eac$ ot$ers- bow's. "$is essay discusses t$e possibi'ity o) creatin# an
R!D reader and a pro#rammab'e( se')*powered R!D card( and two possib'e attack &ectors usin# t$ese
simp'e de&ices.
.ui'din# an R!D reader is actua''y )air'y simp'e. A'' attackers need are an arduino me#a( a )ew
resistors( carriers( and ot$er readi'y a&ai'ab'e( ine+pensi&e supp'ies( and t$ey can $a&e a workin# R!D
reader t$at can read any o)) t$e s$e') card. "$e materia's and instructions are t$in#s attackers can easi'y
#et a $o'd o) usin# /oo#'e. 0ery 'itt'e so'derin# or tec$nica' ski'' is re,uired to set it up( and most o)
t$e code is a'so pre*written. 1it$ a &ery sma'' amount o) know*$ow( an attacker can easi'y bui'd a
passi&e reader t$at simp'y records numbers onto an SD card or ot$erwise. "$en t$e attacker can buy a
pro#rammab'e R!D card( or bui'd one.
A powered R!D ta# is about as simp'e( i) not simp'er t$an a reader. Attackers need a
microcontro''er( and a coi'. A )ew capacitors can $e'p boost t$e si#na' #ain( but rea''y( a'' an attacker
needs is a microcontro''er and a coi'. 2ro#rammin# it is as simp'e as #rabbin# some code )rom a pub'ic
repository( and )ittin# t$e number to w$ate&er t$e attacker needs. A pro#rammab'e card is about )i&e
do''ars.
"$e simp'est attack &ector is )or an emp'oyee at a department store3a't$ou#$ t$is works )or a
customer in a ma''( as we''4. Concea'in# an Arduino %e#a is e+treme'y simp'e( due to its si5e. Consider
t$at t$e antenna is 'itt'e more t$an a tube wit$ copper wire wrapped around it( and t$e circuit is &ery
)ew components. An attacker cou'd easi'y store t$e w$o'e t$in# in $is or $er pocket( 6acket( or e&en sew
muc$ o) it into $is or $er c'ot$es.
A'' t$e attacker wou'd need to do is $a&e a 'istener( and w$en t$e antenna returns somet$in#
ot$er t$an 0-s( record t$e cip$erte+t. 7ater( $e or s$e cou'd take t$e spoo)er( or t$e sma'' )ake R!D ta#(
and purc$ase t$in#s usin# ot$er peop'e-s credit cards( usin# t$e 2ay2ass. "$e worst part is t$at $e or s$e
doesn-t e&en need to decrypt anyt$in#( as t$at is done at t$e reader-s 'e&e'.
"$e same princip'e cou'd be app'ied to an identity t$ie) w$o 'i&es near an airport. 8e or s$e
wou'dn-t need to e&en #et in t$e #ates( a't$ou#$ t$at wou'd be best. "$e simp'est way wou'd be to stea'
credit card ta#s in t$e same way described abo&e( but many tra&e'ers tra&e' wit$ a passport. Attackers
bra5en and ski''ed enou#$ to pickpocket( can simp'y pickpocket t$e passport( wa''et( w$ate&er( wa'k by
a tras$can( bat$room sta''( w$ere&er t$ey store t$eir readin# e,uipment( t$en $e'p)u''y $and t$e
passport back to t$e &ictim( wit$out takin# a do''ar. 7ater( t$e attacker can $a&e t$e cip$erte+t( passport
number( dri&er-s 'icense number( and w$ate&er e'se t$ey need to start bui'din# a )ake identity )rom t$e
passport.
"$us we see some o) t$e simp'er t$reats o) widespread R!D use. "$ese attacks do not re,uire
t$e attacker to decrypt in)ormation in any way( t$ey simp'y #i&e t$e reader a number to decrypt( w$ic$
it wi'' duti)u''y 'isten to. !) banks want t$is to be more secure( t$ey s$ou'd sti'' re,uire a 2!9 or ot$er
secondary aut$entication system. ! $i#$'y recommend )indin# tutoria's on b'ockin# R!D ta#s( suc$
t$at attackers $a&e a muc$ $arder time #ettin# a $o'd o) sensiti&e in)ormation.
.ib'io#rap$y
Ross( Crai#( and Ricardo /oto. :ina' Desi#n 2ro6ect * R!D 2ro+imity Security System.: Final
Design Project - RFID Proximity Security System. 9.p.( ; %ay 200<. 1eb. 0; Oct. 2012.
=$ttps>??instruct1.cit.corne''.edu?courses?ee@A<?ina'2ro6ects?s200<?c6rBA?1ebsite?inde+.$tmC.
.et$. :Dsin# an A0R as an R!D "a# > Scan'ime.: Using an AVR as an RFID Tag : Scanlime. 9.p.( 21
Sept. 2008. 1eb. 0; Oct. 2012. =$ttp>??scan'ime.or#?2008?0;?usin#*an*a&r*as*an*r)id*ta#?C.
.et$. :Simp'est R!D ReaderE > Scan'ime.: Simplest RFID Reader : Scanlime. 9.p.( 22 Au#. 2008.
1eb. 0; Oct. 2012. =$ttp>??scan'ime.or#?2008?08?simp'est*r)id*reader?C.
:E+perts 1arn R!D Risks Outwei#$ .ene)its.: !"D#com. 9.p.( 1; Oct. 2011. 1eb. 0; Oct. 2012.
=$ttp>??www.wnd.com?2011?10?BFAAAB?C.
:12FG85 2ro#rammab'e?1ritab'e R!D Card.: Deal$xtreme. 9.p.( 0; Oct. 2012. 1eb. 0; Oct. 2012.
=$ttp>??d+.com?p?12Fk$5*pro#rammab'e*writab'e*r)id*card*1A2A8C.