RFID Proposal: The Hack

How secure is the Engineering Building? RFID is an open-source technology and anyone with enough RF and microprocessor experience can build an RFID system. Is it possible to gain unauthorized access to the Engineering Building? We believe it is very possible. Our goal is two-fold:

First, our aim is to build an RFID system using off-the-shelf parts.

  • This RFID System will have the ability to READ Parallax RFID tag information from the Parallax RFID cards.
  • The system will have the ability to WRITE RFID tag information to the Parallax RFID Card Reader we built last year.

We will be using the Parallax RFID tags from this system as our initial baseline to determine that our own RFID Reader will both READ and WRITE as expected.

The next phase, will be to build a portable RFID Hacker with the following features:

  • Capable of reading Parallax RFID tags
  • Stores RFID tag information
  • Transfers RFID tag information to an outside application for later processing
  • Capable of writing Parallax RFID tag information (spoof our original Parallax RFID Card Reader)
  • Capable of reading / storing the Engineering Building’s HID RFID tags
  • Capable of writing (spoofing) HID RFID tag data.

” order_by=”pid” order_direction=”ASC” returns=”included” maximum_entity_count=”500″]There is a 50/50 chance that our own RFID system will not be capable of reading the Engineering Building Access Cards. This is because (for now) we do not have confirmation that the Access Cards work at the 125kHz RF standard. It is possible, that the HID system is designed around the 13.5MHz RFID standard, instead. Although this is a stumbling block for phase two of this project, it is very likely that we can build our RFID Reader rather generically, giving us the ability to ‘drop’ a different RFID Front-End IC into our design, giving us a ‘switchable’ RF range.

Our final report will include an assessment of the Engineering Building’s security, how we determined its security level, recommendations for additional security, and any software and hardware we designed to break the current RFID security system.

The biggest issue we will face with the project is the amount of fear we may face from the University’s Engineering Staff. Our goal is not to strike fear into the power’s-that-be. it is to provide a useful service to the Engineering Staff by assessing the security of the Engineering Building. There are security companies that do exactly what we propose. They assess current security measures and make recommendations to improve their clients security. Computer Security is a hot topic. With the exponential growth of the internet and the anonymity it provides, people are becoming painfully aware of the amount of havoc a single-minded computer hacker can wreak on the general public. In general, people want to be safe, but they do not want the safe-guards to intrude un-necessarily into their lives. Our aim is to provide a certain level of safety to the Engineering Students and Staff. The best part is that we cannot fail with the project. If we are able to gain unauthorized access to the building, then we will make recommendations as to how to prevent further access. If we determine that it is infeasible to gain unauthorized access, then the University’s Engineering Community can breath a nice ‘sigh-of-relief’.