rfid hacking: reconsidering physical security · rfid hacking: reconsidering physical security...
TRANSCRIPT
![Page 1: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/1.jpg)
RFID Hacking:Reconsidering Physical Security
Michael J. Kannan, CISSP, C|EHSenior Security Consultant
April 29, 2015
Jackson SchultzSecurity Consultant
![Page 2: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/2.jpg)
Founded in 1994
Located in Peabody, MA
Organized into 4 Practices
Information Security Practice:1) Risk Management & Compliance
2) IT Assurance
3) IT Audit
GraVoc Associates, Inc.
![Page 3: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/3.jpg)
Introduction
Demonstration/Show & Tell
Recommendations
Question/Answer & Closing Remarks
Today’s Agenda
![Page 4: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/4.jpg)
Show of Hands: How many of you…
Have back office and other sensitive areas protected by RFID?
![Page 5: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/5.jpg)
Show of Hands: How many of you…
Have exterior doors protected by RFID?
![Page 6: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/6.jpg)
Show of Hands: How many of you…
Have your server room protected by RFID?
![Page 7: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/7.jpg)
![Page 8: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/8.jpg)
Introduction: RFID Basics
1. Low (LF)
2. High (HF)
3. Ultra-High (UHF)
Frequencies:
Fun fact: Between 70-80% of all physical access RFID devices in US use low frequency.
![Page 9: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/9.jpg)
Introduction: RFID Basics
Not so fun fact: Low frequency RFID has been hacked and is insecure.
![Page 10: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/10.jpg)
Video Demonstration: Summary
1. Passively steal RFID keycard data.
2. Create card with stolen data.
3. Gain entry and execute exploit.
![Page 11: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/11.jpg)
Video Demonstration: Tools
Tastic RFID ThiefSniff card data and store to SD card
Proxmark3Copy RFID card
Rubber DuckyUSB to bypass antivirus and gather credentials
MimikatzSoftware that extracts Windows passwords
![Page 12: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/12.jpg)
![Page 13: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/13.jpg)
![Page 14: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/14.jpg)
![Page 15: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/15.jpg)
![Page 16: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/16.jpg)
Video Demonstration: RFIDecoder
Disclaimer: This video was created for educational purposes only. No illegal entry or data compromise occurred during the making of this video.
![Page 17: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/17.jpg)
1. Introduce a USB device that automatically dumps Windows passwords (Rubber Ducky)
2. Bypass antivirus using procmon (developed by Microsoft) to gather system memory and later extract Windows passwords in cleartext (Mimikatz)
3. Plant malicious device/backdoor to extract data to remote location (Raspberry Pi)
Next Steps (for an attacker)…
![Page 18: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/18.jpg)
Recommendations
Use RFID shield wallet cards
Do not wear RFID card in plain view (if your ID card is an RFID card, consider using two separate cards)
![Page 19: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/19.jpg)
Recommendations
Monitor access with cameras
Use a two-factor authentication (RFID + keypad, lock/key, etc.)
![Page 20: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/20.jpg)
Recommendations
Upgrade RFID systems to use more secure protocols (i.e. higher frequency)
Enhance testing methodologies to incorporate physical security with vulnerability assessments and social engineering
![Page 21: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/21.jpg)
Recommendations
Disable USB ports and create a whitelist of approved devices
Monitor all log files
![Page 22: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/22.jpg)
Closing Remarks
“Don’t forget physical security. Not all data thefts happen online. Criminals will tamper with computers or payment terminals or steal boxes of printouts.”
Executive Summary to 2014 Data Breach Investigations ReportVerizon
![Page 23: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/23.jpg)
Closing Remarks
“To be sure, RFID is still widely used in retail and shipping today. It’s even at the heart of near field communication — the technology that powers Apple Pay and other contact-less payment systems.”
Before Apple Pay, There Was That Thing Called RFID WIRED Magazine
![Page 24: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/24.jpg)
Question & Answer
![Page 25: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/25.jpg)
Credits
Francis Brown, PartnerBishop FoxLive Free or RFID Hard, August 2013BlackHat 2013 & DEF CON 21
![Page 26: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/26.jpg)
ProxmarkRFID cloning hardware
http://www.proxmark.org
Resources
Bishop FoxPresentations surrounding RFID security
http://www.bishopfox.com/resources/tools/rfid-hacking/presentation-slides/
![Page 27: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/27.jpg)
Resources
Statista.comRFID Market Statistics
http://www.statista.com/statistics/299966/size-of-the-global-rfid-market/
SecurityTubeInstructional Videos
http://www.securitytube.net
![Page 28: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/28.jpg)
Verizon 2014 Data Breach Investigations Report2014 Breach Statistics by Type and Industry
http://www.verizonenterprise.com/DBIR/2014/
Resources
WIRED Magazine2014 Breach Statistics by Type and Industry
http://www.verizonenterprise.com/DBIR/2014/
![Page 29: RFID Hacking: Reconsidering Physical Security · RFID Hacking: Reconsidering Physical Security Michael J. Kannan, CISSP, C|EH Senior Security Consultant April 29, 2015 Jackson Schultz](https://reader030.vdocuments.site/reader030/viewer/2022040116/5e994ade088b0404057751dd/html5/thumbnails/29.jpg)
Jackson SchultzSecurity Consulatant – Information Security Practice
978-538-9055 ext. 131
Thank You!
Michael J. KannanSenior Security Consultant
978-538-9055 ext. 125