Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Proximity Cards. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Proximity Cards
by Decius at 3:11 pm EST, Feb 27, 2007

I can copy a proximity card at least as easily as I can take an impression of a key.

Read all about prox card cloning! Without a patent!


Proximity Cards
by k at 4:50 pm EST, Feb 27, 2007

This is rather magical, considering that the tag is credit card-thin and contains no battery. The trick is the same as for RFID tags. The reader constantly transmits a rather strong carrier; the tag derives its power and clock from this carrier, kind of like a crystal radio. The tag changes how much carrier it reflects back at the reader—loosely, it makes the circuit across its antenna more like a short or more like an open—to transmit its code. The reader and the tag both have antenna coils tuned to the carrier frequency; they work like a loosely-coupled resonant transformer.

I'm not sure this is a correct assumption in all cases. Certainly there are many passive cards (perhaps most of them?) which utilize the induced current from the sensor to drive the action of the card.

I believe, however, that there are also active cards, with an internal battery, which work by receiving an activation signal from the reader, thus causing them to transmit their ID. Crucially, the range of that transmission wouldn't be related to the power of the reader's signal, because it's generated internally. You could trigger the card to send it's ID from arbitrarily (as powerful as you could make the signal) far away, but the card's never going to transmit with enough power to be read at that same distance.

The one semi-sensible thing the HID representative said was that a cloning attack would be far more difficult for such active cards. Not impossible, just difficult. You really would have to get the cloning sensor within a couple of inches, perhaps less.

I know for a fact that I've had cards which contain batteries and when they fail, the reader does nothing... not denial, not error, nothing. This indicates to me that the card itself controls the power and therefore the range of the signal carrying the ID code.

That being said, if such a cloning attack is so hard, why is it so dangerous to release schematics for a cloner? It's paradoxical for the company to say simultaneously that the attack is almost impossible to execute and that it's a dangerous and irresponsible thing to discuss.

The truth is at the crossroads of all these things. For some cards, this is a danger, for others, much less so. Regardless, customers of these systems will get nervous and it'll cost the vendors time and money, possibly a lot of it. Ergo, no matter how real the threat is, the vendors will shut it down so as to save the implicit loss of customer trust. They should rely on their customers to listen to them when they say, "Yes, this was demonstrated, it's not a threat against X, Y and Z product lines because of A, B, C reasons and product line Q is being phased out for precisely these reasons." Twisting the legal system to derail security research is wrong.


 
 
Powered By Industrial Memetics