RFID system usage is increasing in the transit, access control, and payment sectors, with little to no foresight into effective security. This presentation will cover potential threat and attack models from the business, integrator, and consumer perspective. Beginning with an overview of the systems in place today, we will review specific vulnerabilities – many with demos – and offer potential mitigations.
Security implemented in current RFID systems is very reminiscent ofearly wavelan or SIM technology. This talk will review classes of attacks in detail, including OTA sniffing, MITM, reply attacks, backend wire interception, duplication, data tampering, Denial of Service, escalation of privilege, etc. In addition, the real-world impacts of the cracked NXP-mifare-crypto1 system will be reviewed. Paypass vulnerabilities will also be demonstrated.