I wanted to ask whether you knew anything about the recent Adi Shamir claimed on it being possible to break RFID security through the use of mobile phones by "deflecting" certain information. I've hunted high and low for detailed information and can't find any which leaves me to think there isn't any. Do you know whether Adi has released any information on the subject?
"In recent weeks, Shamir used a directional antenna and digital oscilloscope to monitor power use by RFID tags while they were being read. Patterns in power use could be analysed to determine when the tag received correct and incorrect password bits".
"The reflected signals contain a lot of information,". "We can see the point where the chip is unhappy if a wrong bit is sent and consumes more power from the environment?to write a note to RAM that it has received a bad bit and to ignore the rest of the string".
"I haven?t tested all RFID tags, but we did test the biggest brand and it is totally unprotected," Shamir said. Using this approach, "a cellphone has all the ingredients you need to conduct an attack and compromise all the RFID tags in the vicinity".
My thoughts:
The use of RF and monitors is not new science in determining the "goings on" where electronic devices are concerned - just look at the work that's been done on interrogating SIM cards. Where Adi Shamir talks about the chip being unhappy when it receives a wrong bit that forces the RFID chip to consume more power from the environment sounds an awful lot like a typical buffer overflow... Unclear whether Adi Shamir is talking about battery cell power requirements or computational power in terms of processing availability.
So, if anybody has anything, and is able to share, I'd be really interested in reading. I haven't emailed Adi Shamir yet as I want to understand the problem with more clarity before blundering in...
"In recent weeks, Shamir used a directional antenna and digital oscilloscope to monitor power use by RFID tags while they were being read. Patterns in power use could be analysed to determine when the tag received correct and incorrect password bits".
"The reflected signals contain a lot of information,". "We can see the point where the chip is unhappy if a wrong bit is sent and consumes more power from the environment?to write a note to RAM that it has received a bad bit and to ignore the rest of the string".
"I haven?t tested all RFID tags, but we did test the biggest brand and it is totally unprotected," Shamir said. Using this approach, "a cellphone has all the ingredients you need to conduct an attack and compromise all the RFID tags in the vicinity".
My thoughts:
The use of RF and monitors is not new science in determining the "goings on" where electronic devices are concerned - just look at the work that's been done on interrogating SIM cards. Where Adi Shamir talks about the chip being unhappy when it receives a wrong bit that forces the RFID chip to consume more power from the environment sounds an awful lot like a typical buffer overflow... Unclear whether Adi Shamir is talking about battery cell power requirements or computational power in terms of processing availability.
So, if anybody has anything, and is able to share, I'd be really interested in reading. I haven't emailed Adi Shamir yet as I want to understand the problem with more clarity before blundering in...
Thanks for reading
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/140/738#738