Hmm... everyday I read something new about RFID. THis technology has been around for a little while but is really gaining Steam now.. I'm the US large entities like Wal-Mart and the DoD are really pushing this technology.
I'm no expert at RFID but I know what I'l like to do with it as it relates to penetration testing.
I'm working on a handhelp compaq IPaq with a RFID R/W card installed. This device would become invaluable for on-site and physical tests. The tester could hang out in front of the building or in the lobby and scan RFID ID cards as internal users walk by.
The tester could then write to a similar badge medium and have access into the building. THis is the type of attack I would use while performing a wireless audit. Having a badge gives a much better chance of getting building access than tailgating.. THis access is then used to place a wireless AP or similar device inside the building to establish communication channels outside.
So the RFID hack within itself may not bring a corp to it's knees.. using it along with another attack makes it deadly.
JP
No comments:
Post a Comment