Consultant's view: Don't get cocky about RFID
Expect mobile mayhem
Are RFID keycards the next big thing? Only if they can see off power attacks, warns Ken Munro.
One of our pet projects is magnetic stripe hotel keycard security. Of particular concern is the continued availability of weak vendor technologies that allow illicit access to hotel rooms. The hotel industry might have identified shortcomings in magnetic systems, but the driver for change is the blended benefit of service availability, automation and billing, not security.
RFID is being touted as the next “great thing” for hotels; your RFID keycard gets you into your room more reliably than magnetic stripe cards, allows you self-service, automates mini-bar charging, and controls access to the safe.
RFID cards are also less susceptible to being “worn out” – a scratched, dented, dropped-in-beer RFID card is much more likely to work than its magnetic stripe counterpart.
RFID tags are becoming commonplace in the high street and will become so in supermarkets as prices drop. However, they are also relatively easy to read and write to and clone (writing copied data to storage media and then copying it to blank media). We have dubbed this technique “warbumping”, because tag information is extracted by swiping the tag while in close proximity.
One researcher took this to its ultimate conclusion. He bought some RFID-tagged cheese, cloned his hotel keycard RFID tag, wrote the data to the cheese, and used the cheese to open his hotel door. In this example he was merely cloning a proximity card (high frequency/low range).
Some RFID cards use data encryption, particularly those involved in access control (such as HID ProxCard and the Oyster card). One of the issues with RFID is that encryption consumes power, and the only power supply to a passive card is from the querying signal, picked up using a loop antenna in the card (hold an RFID card up to a very strong light source and you'll see it).
It's hard to draw enough power ‘over the air' to perform strong crypto, so most current RFID access control card systems use fairly weak encryption. There are a few vendors who have announced useable, strong RFID cryptographic solutions, but this is cold comfort for organisations that have bought into large installations already. Brute force attacks against these cards have not succeeded yet, although we are working on routes to speed up the attack to a point where it might be achievable.
Even good cryptography can be broken. Using a side-channel power attack, Adi Shamir of the Weizmann Institute managed to reproduce the kill code for an RFID tag. The methodology involved the use of a sensitive oscilloscope and many man hours of data interpretation.
Side-channel power attacks such as these look for the differences in power consumption triggered when something attempts to read the RFID. The consumption differences are identified using the oscilloscope. In an effort to reduce power usage, many RFID vendors have inadvertently increased the problem – it takes less energy to provoke the tag into giving up readable data.
Of course, carrying a large oscilloscope around and then pointing an antenna at someone for six hours or more in order to clone their card is wholly impractical, but miniaturisation and automation hold the key to opening this up for more widespread abuse.
PDA-based oscilloscope software is available, although we have not yet found one with the sensitivity required for a power attack, but this is likely to be improved upon.
There are also mobile phone handsets that carry RFID read/write functionality. When these technologies are merged, RFID cracking “on the hoof” will become a real possibility.
If you are relying on RFID proximity cards for building access control, maybe even to your server rooms, you would be well advised to put your RFID access card in a RF-shielded wallet. You'd only open it up to authenticate it with a reader, then close it when it is in your pocket.
In the meantime, vendors should now be looking at ways to design-out the processes that enable power attacks.