Ethical Hacking and Countermeasures v6 Exam 312-50 Certified Ethical Hacker RFID Hacking Module XXXIX Page | 3125 Ethical Hacking and Countermeasures v6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Ethical Hacking and Countermeasures Version 6 Module XXXIX RFID Hacking Ethical Hacking and Countermeasures v6 Module XXXIX: RFID Hacking Exam 312-50 Ethical Hacking and Countermeasures v6 Exam 312-50 Certified Ethical Hacker RFID Hacking Module XXXIX Page | 3126 Ethical Hacking and Countermeasures v6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News Source: http://www.theregister.co.uk/  News Halifax, a UK bank, began issuing RFID-enabled cards for customers, which used the Pay Wave technology. The Pay Wave technology allows customers to make transactions of up to 10 euros without entering a PIN or signature. A customer named Pete, who was issued a Pay Wave card, was not interested in using the card and shredded it. Later, his transactions with the older debit card were blocked. When he contacted the bank’s help line, he discovered that his previous bank card had been automatically cancelled when he was issued the new bank card. In this way, Halifax forcibly made customers use the newly issued cards. Finally, Pete was issued a new non-Pay Wave Bank card from Halifax. Pete did not want to use the RFID-enabled card because it did not require any authorization for transactions, making it highly insecure. Ethical Hacking and Countermeasures v6 Exam 312-50 Certified Ethical Hacker RFID Hacking Module XXXIX Page | 3127 Ethical Hacking and Countermeasures v6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Objective • RFID • Components of RFID systems • RFID System Architecture • RFID Collisions • RFID Risks • RFID and Privacy Issues • RFID Security and Privacy Threats • Vulnerabilities in RFID-enabled Credit Cards • RFID Hacking Tool • RFID Security Controls This module will familiarize you with: Module Objective This module will familiarize you with:  RFID  Components of RFID Systems  RFID System Architecture  RFID Collisions  RFID Risks  RFID and Privacy Issues  RFID Security and Privacy Threats  Vulnerabilities with RFID-Enabled Credit Cards  RFID Hacking Tool  RFID Security Controls Ethical Hacking and Countermeasures v6 Exam 312-50 Certified Ethical Hacker RFID Hacking Module XXXIX Page | 3128 Ethical Hacking and Countermeasures v6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Flow RFID Components of RFID systems RFID Risks RFID Collisions RFID System Architecture RFID Security Controls RFID and Privacy Issues RFID Security and Privacy Threats Vulnerabilities in RFID-enabled Credit Cards RFID Hacking Tool Module Flow Ethical Hacking and Countermeasures v6 Exam 312-50 Certified Ethical Hacker RFID Hacking Module XXXIX Page | 3129 Ethical Hacking and Countermeasures v6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited RFID Radio Frequency Identification (RFID) is an automatic identification method It transmits identity of an object in the form of a unique serial number using radio waves RFID systems work on the principle of contactless transfer of data between data carrying device and its reader • Integrated circuit to store and process information, modulate, and demodulate an (RF) signal • An Antenna for receiving and transmitting signal RFID tags contain at least two parts: RFID  RFID (Radio Frequency Identification) RFID is a technique in which objects are identified automatically. The identity of the objects is stored and retrieved using RFID tags and transponders. It transmits the identity of the objects in the form of a unique serial number with the help of radio waves. It works in a way that contactless transmission of the data takes place between the data carrying the devices and their reader. The power needed for operating the electronic devices is also transferred through a reader with the contactless technique.  RFID Tags RFID tags can be included or attached to any product, animal, or person for its identification with the help of the radio waves.  RFID tags are electronic devices that has the capacity to store the data  They are also called transponders  They can store and remotely retrieve data  Silicon chips and antennas are present in chip-based RFID RFID tags are classified into two categories:  Passive tags: An internal power source is not required  Active tags: A power source is notalways required for these tags Ethical Hacking and Countermeasures v6 Exam 312-50 Certified Ethical Hacker RFID Hacking Module XXXIX Page | 3130 Ethical Hacking and Countermeasures v6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Components of RFID Systems • Tags • Tag readers • RFID antenna • RFID controller • RFID premises server • RFID integration server Basic components of a RFID systems: • Passive: Requires no internal power source • Active: Requires internal power source (Small battery) • Semi-passive (Battery-assisted): Requires internal power source(Small battery) General categories of RFID tags:  Components of RFID Systems The basic components of RFID systems are: Tags The main purpose of the RFID system is to allow the transmission of data with mobile devices known as tags. In RFID, every object is prepared with a small tag that has a transponder and digital memory chip. Each RFID has a unique product code. Tag Readers RFID tags perceive the reader’s activation signal when it passes through the electromagnetic zone. Readers can be mounted on a fixed location or can be held in the hand. They emit radio waves in a broad range depending on the radio frequency used and the power output. The encrypted data present in the integrated circuit of the tags can be decrypted using these readers. The data extracted is sent to the host computer where it is processed. RFID Antenna An antenna is bundled with the transreceiver and a decoder. Radio signals are emitted by the antenna to activate the tag. It reads the data from the tag and with some tags, it can write data to the tag.  RFID Controller An RFID controller is used in a store or distribution-center environment. It supports the following functions:  Provides connectivity that is either synchronous or asynchronous.  Provides software deployment, which includes device drivers, filters, aggregators, and dynamically loaded software modules.  Ensures security that authenticates the readers at the edge. Ethical Hacking and Countermeasures v6 Exam 312-50 Certified Ethical Hacker RFID Hacking Module XXXIX Page | 3131 Ethical Hacking and Countermeasures v6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.  RFID Premises Server An RFID premises server is used in a store or distribution center. It supports the following functions:  It adds persistence for storing all incoming RFID events from controllers.  Commands and data are passed to the network using synchronous or asynchronous communication.  It provides limited support for process management.  It sends and receives commands and data from the server with synchronous or asynchronous methods and behaves like a gateway to the RFID integration server.  RFID Integration Server It supports the following functions:  Process integration with complex management is offered.  It improves RFID data from existing sources, which provides the ability to clean and validate the data.  Business-to-business processes and various graphical user interfaces are integrated.  Customers can select various software products to replace servers or to implement their own skills. Ethical Hacking and Countermeasures v6 Exam 312-50 Certified Ethical Hacker RFID Hacking Module XXXIX Page | 3132 Ethical Hacking and Countermeasures v6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited RFID Collisions • RFID Tag collision happens when multiple tags are energized by RFID tag reader simultaneously, and reflect their respective signals back to reader at the same time RFID Tag Collision: • Reader collision occurs in RFID systems when coverage area of one RFID reader overlaps with that of another reader • This causes two different problems: • Signal interference • Multiple reads of same tag RFID Reader Collision:  RFID Collisions Source: http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=57 RFID Tag Collision Tag collision in RFID systems occurs when numerous tags are energized by the RFID tag reader and the respective signals are reflected back to the reader simultaneously. When a large number of volume tags are read together in the same RF field, it is difficult for the reader to differentiate the signals, as tag collision confuses the reader. Many systems are invented to distinguish individual tags; these systems may vary from vendor to vendor. For example, when the reader identifies that tag collision is done, he/she sends a gap pulse signal. By receiving this signal, each tag asks a random number counter to determine the interval before sending its data. Tags send their data separately, as each one gets a unique number interval. RFID Reader Collision: Reader collision in RFID systems occurs when the coverage area of one RFID reader coincides with another reader. This collision causes two problems:  Signal interference This problem arises when RF fields of two or more readers coincide and interfere. This issue is solved by enabling the reader program to read the different data at different times. This technique is known as Time Division Multiple Accesses (TDMA) that results in reading the same tag twice.  Multiple reads of the same tag This problem arises when the same tag is read only once by the overlapping readers. It is solved by allowing the given tag to be read only once by the programmed RFID system. Ethical Hacking and Countermeasures v6 Exam 312-50 Certified Ethical Hacker RFID Hacking Module XXXIX Page | 3133 Ethical Hacking and Countermeasures v6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited RFID Risks Business Process Risk Business Intelligence Risk Privacy Risk • Hazards of Electromagnetic Radiation • Computer Network Attacks Externality Risk  RFID Risks Source: http://csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf RFID technology enables an organization to significantly change its business process to:  Increase its efficiency, which results in lower costs  Increase its effectiveness, which improves the mission’s performance and makes the implementing organization more resilient and more capable to assign accountability  Respond to customer requirements to use RFID technology to support supply chains and other applications The RFID technology itself is complex, combining a number of different computing and communications technologies to achieve the desired objectives. Unfortunately, both change and complexity generate risk. For RFID implementations to be successful, organizations need to effectively manage that risk, which requires an understanding of its sources and its potential characteristics. This section reviews the major high-level business risks associated with the RFID systems so that organizations planning or operating these systems can better identify, characterize, and manage the risk in their environments. The risks are as follows:  Business Process Risk Direct attacks on RFID system components potentially could undermine the business processes the RFID system was designed to enable.  Business Intelligence Risk An adversary or competitor potentially could gain unauthorized access to RFID- generated information and use it to harm the interests of the organization implementing the RFID system.  Privacy Risk Personal privacy rights or expectations may be compromised if an RFID system uses what is considered personally identifiable information for a purpose other than originally intended or understood. The personal possession of functioning tags also is a privacy risk because it could enable tracking of those holding tagged items. Ethical Hacking and Countermeasures v6 Exam 312-50 Certified Ethical Hacker RFID Hacking Module XXXIX Page | 3134 Ethical Hacking and Countermeasures v6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.  Externality Risk RFID technology potentially could represent a threat to non-RFID networked or collocated systems, assets, and people. An important characteristic of RFID that impacts all of these risks is that RF communication is invisible to operators and users. In other AIDC and IT systems, it is often easier to identify when there is unauthorized behavior.