Friend
Professional
- Messages
- 2,669
- Reaction score
- 942
- Points
- 113
At the Defcon conference, a group of researchers demonstrated successful cloning of data from RFID tags used in HID Global key cards. Such devices are used to protect homes and offices around the world.
At the same time, data reading is possible in remote mode, at a distance of about 30 cm. Researchers managed to crack the cryptographic protection of keys that were stored in the readers of electronic locks.
This technology allows potential intruders to both enter premises that are locked with such locks, and sell this data to anyone who wants. Any RFID recording device can be used to record the cloned data, according to the researchers.
HID Global itself said that it has been aware of the possibility of cloning electronic keys since last year, and it is taking measures. According to representatives of the company, the problem concerns only devices with the lowest level of protection, and the procedure for intercepting keys is quite complex and requires bulky equipment. However, HID Global promised to release patches for its physical security systems as quickly as possible. In the meantime, the company recommends that its customers update their keys.
"The vendor no longer controls who has the keys and how they are used. This is a serious security threat, " one of the researchers, Babak Javadi, co-founder of the security firm The Core Group, commented on the results of the work to the online publication Wired.
It has already used this technology in penetration testing for a number of customers. According to him, the key interception procedure takes seconds, and the tag reader easily fits into a briefcase, does not give itself away in any way during operation and does not attract the attention of outsiders at all.
At the same time, the researchers recognized that cloning data from more advanced devices from HID Global is technically more difficult, since it requires physical access to the equipment, and attempts to achieve it involve serious risks.
At the same time, data reading is possible in remote mode, at a distance of about 30 cm. Researchers managed to crack the cryptographic protection of keys that were stored in the readers of electronic locks.
This technology allows potential intruders to both enter premises that are locked with such locks, and sell this data to anyone who wants. Any RFID recording device can be used to record the cloned data, according to the researchers.
HID Global itself said that it has been aware of the possibility of cloning electronic keys since last year, and it is taking measures. According to representatives of the company, the problem concerns only devices with the lowest level of protection, and the procedure for intercepting keys is quite complex and requires bulky equipment. However, HID Global promised to release patches for its physical security systems as quickly as possible. In the meantime, the company recommends that its customers update their keys.
"The vendor no longer controls who has the keys and how they are used. This is a serious security threat, " one of the researchers, Babak Javadi, co-founder of the security firm The Core Group, commented on the results of the work to the online publication Wired.
It has already used this technology in penetration testing for a number of customers. According to him, the key interception procedure takes seconds, and the tag reader easily fits into a briefcase, does not give itself away in any way during operation and does not attract the attention of outsiders at all.
At the same time, the researchers recognized that cloning data from more advanced devices from HID Global is technically more difficult, since it requires physical access to the equipment, and attempts to achieve it involve serious risks.
