At this week’s Black Hat conference in Las Vegas, Bishop Fox security expert Fran Brown plans to demonstrate his new invention, which he says criminals can use to clone any passive RFID card — the kind used by employees around the world, including those working at “every single Fortune 500 company” — to gain access to secure buildings and areas. He claims the device has a 100 percent success rate, and in his presentation he will also show audience members how to make their own version.
What’s the Big Idea?
Black Hat’s purpose is to demonstrate how systems can be hacked as well as how those systems can be better defended. Although passive RFID systems have never been especially secure, a person with nefarious intentions would have to be within inches of a card to get any data. Brown’s device, by contrast, can collect data from any card within a three-foot radius. He says, “[T]he way I think of RFID hacking is that it’s where Web application security was 10 years ago. Until people are [using RFID hacking for malicious purposes], no one is going to be motivated to do anything about it.”