80% of Prox Card Readers are Now Vulnerable

A pair of security researchers introduced BLEKey at the 2015 Black Hat Security Conference.

It’s such a high percentage – 80% – because really, all proximity card readers are made by 1 of 2 companies. Actually, if you use one to get into work, I bet it’s a HID unit.

The BLEKey (Bluetooth low energy key) can be installed in 60 seconds by attaching it to the reader via 3 wires. Then, when paired with a mobile phone, this $10 device can open a proximity card protected door.

1 – Bluetooth

2 – processor

3 – where the 3 wires attach (2 data, 1 power)

4 – battery

Once in place, it can clone cards, remotely open the door, or disable the door entirely for 2 minutes after the attacker is through.

Business Owners:

At the conference, the pair threw 200 BLEKeys into the crowd, and made available both the code, and unit for sale; it’s now out there.

To protect your business, they suggest ensuring tamper detection is turned on, and make sure to monitor the logs for anomalies. Also monitor the camera by the door, to stop an attacker from installing one into your reader.

Pentesters:

Add this to your kit. It could make the physical portion of your pentest smoother, especially since sensitive areas are often protected by prox cards.

Or use it to mess with the company’s logs.

Get the code here – GitHub

Here’s the are the guys behind BLEKey and the best part is… they’re Canadian! They also received the most cheers of all the presentations I attended.

Left is Eric Evenchick, and right is Mark Baseggio.

From Black Hat 2015

Blog tag = Black Hat

 

 

What is an Enhanced Driver’s Licence?

It costs about $40, and an Enhanced Driver’s License (EDL) can be used instead of a passport when crossing the border by car.

However! It’s embedded with an RFID tag, meaning, protect it by using an RFID-shielding wallet, like this. Take this seriously, Saskatchewan abandoned EDLs because of the potential security breach.

Read it online at Autonet.

Favourite line:

There is one major difference between the two license that you cannot see – and that’s the addition of an embedded RFID tag. 

***

Back to ‘Keri on Driving’ – Index

 

 

DefCon 19 Interview Series – Larry Pesce

Larry Pesce is a senior security consultant at NWN Corporation, author, speaker, and co-host of PaulDotCom, one of the internet’s most beloved security podcasts.

Also the only person I’ve ever met with an RFID implant.

Larry on Twitter

Larry’s site

 

Get Ready for Some Amazing Interviews

You’ll likely recognize these guys!

For those not living full time in nerd-land: these are some of the rock stars of the online security world.

(listed in no particular order, to be clear)

Dave Kennedy aka ReL1K – Founder of DerbyCon, author of ‘Metasploit: A Penetration Testers Guide’, and hugger.

Johnny Long – founder of Hackers For Charity, one of the world’s best Social Engineers, and likely does more good than you.

Paul Asadoorian – co-host of the popular PaulDotCom Security Weekly podcast series, and happy recipient of a t-shirt.

Larry Pesce – co-host of the popular PaulDotCom Security Weekly podcast series, and only person I’ve ever met with an RFID implant.

Babak Javadi – US head of Toool – The Open Organisation of Lockpickers, and good human (missing is Barry, who really shoulda been in this ; )