Prox Card Hack
March 5, 2005 10:50 AM
Think your Prox Card system is secure? Guess again. Some Sophomores at Olin College reverse-engineered the prox card system on campus and built their own reader. Rumor has it they have a spoofer (self-contained copier/transmitter) too, but nothing on the site about it.
Think your Prox Card system is secure?
Telling us what a 'Prox Card system' is might help too.
posted by Steve_at_Linnwood at 12:34 PM on March 5, 2005
A "Prox Card System" is a remote (RFID) identification system. The Prox Card can be read from up to several feet away and provide an ID to a reader.
The reverse engineering that took place was that the students took an existing card(s), analyzed its response to a reader signal, and determined how the ID was encoded in the response.
The fear is that it is simple to build a card reader, carry it around hidden on yourself, remotely read anyone's card without their knowledge by walking within a few feet of them, create a card with that person's ID encoded in it, and have access to anything that person's card has access to.
On preview: I tend to agree with odinsdream that this is not much worse than key systems. However, it is somewhat worse because picking a lock takes time and has the risk of discovery, while using a cloned card would be undetectable in many situations. And duplicating a key requires physical possession of that key for some time, while grabbing the ID from a prox card only requires being near it for a moment.
posted by Bort at 1:02 PM on March 5, 2005
BTW, these cards will become much more secure as they change the design away from just giving up an ID to a challenge-response smart card type of system. And that will have to happen before RFID is widely accepted for financial transactions.
posted by Bort at 1:07 PM on March 5, 2005
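The difference between a card that just gives up an ID and a challenge-response card, as an added example that is not part of the thread or the students' project. It assumes HMAC-SHA256 over a shared per-card key as a stand-in for whatever a real card would use; all class names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

class StaticIdReader:
    """Grants access on a fixed ID, like the simple cards discussed above."""
    def __init__(self, authorized_ids):
        self.authorized_ids = set(authorized_ids)
    def check(self, presented_id: bytes) -> bool:
        return presented_id in self.authorized_ids

class ChallengeResponseCard:
    """Holds a secret key that is never transmitted (assumed design)."""
    def __init__(self, card_id: bytes, key: bytes):
        self.card_id, self._key = card_id, key
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, self.card_id + challenge, hashlib.sha256).digest()

class ChallengeResponseReader:
    """Issues a fresh random challenge per read and verifies the card's MAC."""
    def __init__(self, keys_by_id):
        self.keys_by_id = dict(keys_by_id)
        self._pending = None
    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending
    def check(self, card_id: bytes, response: bytes) -> bool:
        key, challenge = self.keys_by_id.get(card_id), self._pending
        self._pending = None  # each challenge is single-use
        if key is None or challenge is None:
            return False
        expected = hmac.new(key, card_id + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo():
    card_id = b"CONSTRUCTED-ID-0001"  # constructed sample value
    key = secrets.token_bytes(32)
    # Static ID: the value seen over the air is the credential itself.
    static_reader = StaticIdReader([card_id])
    static_replay_ok = static_reader.check(card_id)
    # Challenge-response: a response is only valid for the challenge it answers.
    card = ChallengeResponseCard(card_id, key)
    reader = ChallengeResponseReader({card_id: key})
    overheard_response = card.respond(reader.new_challenge())
    genuine_ok = reader.check(card_id, overheard_response)
    reader.new_challenge()  # next read uses a different challenge
    cr_replay_ok = reader.check(card_id, overheard_response)
    return static_replay_ok, genuine_ok, cr_replay_ok
```

`demo()` returns whether the static ID is accepted again, whether the genuine challenge-response read succeeds, and whether the same response is accepted on a later read.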
Then the advancing system will be broken. Locks have only been secure all these years because most people don't know how to break into them. Most people could if they knew how.
posted by Dean Keaton at 3:07 PM on March 5, 2005
the post is a bit silly because, as far as i know, no-one is claiming that these things are secure. but it was an interesting article anyway - i hadn't realised how they worked in that much detail and the encoding details were more complicated than i expected.
presumably the range of these things depends on the field being used to read them. here in santiago they're used as tokens for the metro (the system is presented as "storing" value on the cards, but presumably it's a central server that looks up the id) and you have to get the card very close to the reader (often needing to take it out of your wallet). i wonder how practical a long range (say 1m) hand held device is.
also, it seems like it would be fairly easy to make these safe by simply carrying two. i read the article earlier today, but from what i remember the encoding doesn't exploit any kind of fancy orthogonality (you know what i mean, can't remember the technical term) so i would guess that two cards together would be unreadable.
posted by andrew cooke at 3:22 PM on March 5, 2005
Some of these systems do have "anti-collision" stuff in their protocols, but buildings' card-keys tend to be the simplest, cheapest cards.
I assume that MegaDefenseCorpSecretLabs Inc. uses the spiffier challenge-response public-key two-factor cards, but then maybe they don't.
I carry two proximity cards in my wallet. One of them is readable but only from one side of the wallet, unless I take out the other card. The other one is only readable if I take it out of my wallet (but it had a shorter range to begin with).
posted by hattifattener at 4:15 PM on March 5, 2005
(i was thinking of the very simple chips described in the article - also, they'd have to be on the same frequency, i guess (and several frequencies were mentioned))
posted by andrew cooke at 5:21 PM on March 5, 2005
The page just seems to be about building the prox card system.
posted by exois at 12:03 PM on March 5, 2005