Here’s A Spy Movie-Grade Access Card Sniffing Implant
1 min read
Summary
A new open-source device called The Tick can be used for red teaming and security purposes to reverse-engineer radio-frequency identification (RFID) and other access cards.
The device can be used to replay data on any modern “real” access card system, as simple replay attacks do not work on them anymore, due to credentials, key exchanges and crypto processors being used in the cards.
However, the new device can harvest data from such cards to crack the crypto on them.
Two examples are given where similar devices have been used by hackers to exploit real-world access control systems.
One involved an intern who was ultimately arrested for recording details of computer hardware in a nearby building, that actually belonged to a secure logistics operation.
The other example was a demonstration given by a tech company that showed off its server hardware to potential customers, that could be accessed by simply using a colleague’s RFID badge.
