This blog post is intended for readers with a technical background who want to understand Radio Frequency IDentification (RFID) technology and how it is deployed. Whether you are new to RFID or want to improve the security of an existing RFID system, it covers the basics of the technology, the main types of RFID cards and their known weaknesses, the common attack techniques against them, and the practices that make an RFID infrastructure robust and secure.

RFID technology

Most people do not think much about how RFID technology affects their everyday lives beyond the access badge they use at work.

Figure 1: NS (Nederlandse Spoorwegen) chipcard (Source: Reizen met een OV-chipkaart | Reisinformatie | NS )

You can find it in public transport cards, debit and credit cards, hotel keys, car keys, passports and even chips implanted in animals. Even fewer people know that such badges and cards contain tiny computer chips that run entirely on power harvested from the reader's radio field.

Figure 2: RFID in the form of a sticker with a barcode on the opposite side (Source: Bestand:RFID Chip 001.JPG - Wikipedia)

This type of technology has existed for decades. The first 'presumed' RFID device was a gift from the Soviet Union to the United States ambassador to the Soviet Union in 1945, later named 'The Thing' (or 'The Great Seal bug') (see Figure 3). It was a carved wooden replica of the Great Seal with a bug (a covert microphone) hidden behind it. The bug had no power source of its own: it was activated by a specific radio signal that the Soviets transmitted from outside the building, and it sent the audio back by modulating that signal according to the sound waves picked up by its microphone. The disguised bug hung in the ambassador's study and remained undiscovered there for seven years.

Figure 3: The back side of The Thing, where the bug (silver object) was hidden in. Image source: The Great Seal | International Spy Museum

Although a modern RFID chip sends a digital signal back to the reader, it works on the same principle as 'The Thing': it has no battery and answers by modulating a signal that someone else transmits. The chip is powered by the radio field emitted by a reader, for example the Near Field Communication (NFC) reader built into a payment terminal in a store. That field is picked up by a coil of copper wire hidden inside the medium (such as a badge), which acts as an antenna (see Figure 4). For low and high frequency tags this energy transfer works by magnetic induction, which is why the card and the reader have to be close together. 

When the chip wants to send a signal back, it uses 'load modulation': it switches an electrical load across its antenna coil, which changes the voltage the reader measures in the inductive field, and that change encodes the bits. The communication protocol between the reader and the chip depends on the frequency band at which the chip operates, and each band has its own ISO standards, such as ISO/IEC 14443 and 15693 for 13.56 MHz and the ISO/IEC 18000 series (parts 1 to 7) for the various bands (see: RFID Standards – ISO IEC EPCglobal » Electronics Notes (electronics-notes.com)). In general, RFID operates in one of three bands. Low frequency (LF, 30 kHz to 300 kHz, in practice 125 kHz or 134 kHz) is based on technology from the 1970s and is still used for access badges and animal identification. High frequency (HF, 3 MHz to 30 MHz, in practice 13.56 MHz) is used for access badges, public transport cards and payment cards; Near Field Communication (NFC) is a set of standards built on 13.56 MHz RFID (see: What is the difference between RFID and NFC – RFID Card), which is why the two terms are often used interchangeably. Finally, ultra-high frequency (UHF, 300 MHz to 3 GHz) tags are read by backscatter rather than induction and are used to track large objects (containers) from a distance of up to about 10 meters. 

Figure 4: Copper wires (antennas) inside a standard RFID card/badge.

Types of RFID cards and their vulnerabilities

There are many types of RFID chips from many manufacturers such as NXP, HID, EM, and Legic. You can find these chips in many applications such as public transport cards, credit cards, university cards, supply chain trackers, etc. For an overview of which of these cards are vulnerable and to what degree, see: Special: Which access cards are hacked? | SecIndGroup.com (archive.org).  

Generally, each RFID chip has a Unique IDentifier (UID) that is programmed by the manufacturer and, on genuine cards, cannot be changed afterwards. Many access systems use this UID as the sole authentication factor: the reader reads the UID and looks it up in a list of authorised cards. Because the UID is static and is sent in the clear to any reader that asks for it, this makes the system vulnerable to the attacks discussed in the next section. More secure cards also have memory sectors protected by secret keys, and the reader can authenticate the card by letting it prove knowledge of those keys in a challenge-response exchange instead of trusting the UID. However, depending on the strength of the cipher, an attacker may still be able to recover these keys, which makes the card and the system vulnerable again. 

One such vulnerable chip was the NXP MIFARE Classic, which was used in the Dutch OV-chipkaart and in many other access and payment applications. Its proprietary cipher, Crypto-1, was reverse engineered in 2008: first by researchers who recovered the cipher logic from the physical silicon of the chip (the cryptographic part turned out to be only about 10 percent of the whole chip), and then by Radboud University, which published a complete description of the cipher and protocol together with practical key-recovery attacks (see: 2008-esorics.pdf (ru.nl)). Two weaknesses stand out. The key is only 48 bits long, which is within reach of a brute-force search. Worse, the 32-bit nonce the card uses in every authentication comes from a 16-bit pseudo-random number generator whose state depends only on the time elapsed since the card was powered up, so an attacker who controls the timing can predict or even repeat the nonce and use that to recover the sector keys from a handful of authentication attempts instead of brute forcing them. Since then every MIFARE Classic card has been clonable. This case shows that a proprietary, secret encryption algorithm on your card only provides security by obscurity (see: Security Flaw in MIFARE Classic (proxmark.org)). 
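To make the nonce weakness concrete, the following is an added example (not code from the original post or from the cited paper) that models the MIFARE Classic nonce generator as described in "Dismantling MIFARE Classic": a 16-bit linear feedback shift register with feedback polynomial x^16 + x^14 + x^13 + x^11 + 1 whose output is stretched to a 32-bit nonce. It shows that the second half of every nonce is a function of the first half, that only 65535 non-zero nonces exist, and that the next nonce is computable from the current one. The bit-order convention (n0 first on the wire, written as the most significant bit) and the example state values are assumptions of this example.

```python
# Added example, not code from the original post: the MIFARE Classic nonce
# generator from "Dismantling MIFARE Classic" (Radboud University, ESORICS 2008).
# The 32-bit nonce is the bit sequence n0 n1 ... n31 produced by a 16-bit LFSR
# with feedback x^16 + x^14 + x^13 + x^11 + 1, i.e.
#     n_{i+16} = n_i ^ n_{i+2} ^ n_{i+3} ^ n_{i+5}
# Bit order (n0 as the most significant bit) is this example's convention.

from typing import List


def _bits(value: int, width: int) -> List[int]:
    """Integer -> list of bits, most significant first."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def _int(bits: List[int]) -> int:
    return int("".join(str(b) for b in bits), 2)


def lfsr_step(state: List[int]) -> int:
    """Clock the 16-bit LFSR once: emit n_{i+16} and slide the window."""
    new_bit = state[0] ^ state[2] ^ state[3] ^ state[5]
    state.pop(0)
    state.append(new_bit)
    return new_bit


def nonce_from_state(state16: int) -> int:
    """Expand a 16-bit LFSR state into the 32-bit nonce the card sends.

    The first 16 nonce bits are the state itself; the remaining 16 are
    generated by clocking the LFSR, so they are determined by the first 16.
    """
    state = _bits(state16, 16)
    out = state[:]
    for _ in range(16):
        out.append(lfsr_step(state))
    return _int(out)


def successor(nonce: int, steps: int = 1) -> int:
    """Advance a 32-bit nonce by `steps` LFSR clocks (the paper's suc() function).

    A card that just sent `nonce` will send successor(nonce, k) when queried
    exactly k clock ticks later; this is what lets an attacker who controls
    the timing predict, and even repeat, the card's nonce.
    """
    window = _bits(nonce, 32)
    for _ in range(steps):
        window.append(window[16] ^ window[18] ^ window[19] ^ window[21])
        window.pop(0)
    return _int(window)


def is_valid_nonce(nonce: int) -> bool:
    """True if the generator can produce this 32-bit value at all."""
    return nonce_from_state(nonce >> 16) == nonce


def lfsr_period(start_state: int = 1) -> int:
    """Count clocks until the 16-bit state repeats (65535 for this polynomial).

    The all-zero state is a fixed point, so there are 65535 non-zero nonces
    plus the degenerate nonce 0: 2^16 values out of a nominal 2^32.
    """
    state = _bits(start_state, 16)
    start = state[:]
    steps = 0
    while True:
        lfsr_step(state)
        steps += 1
        if state == start:
            return steps


if __name__ == "__main__":
    n = nonce_from_state(0x1234)  # example state, chosen arbitrarily
    print(f"nonce {n:08x}, structurally valid: {is_valid_nonce(n)}")
    print(f"nonce one tick later: {successor(n):08x}")
    print(f"LFSR period: {lfsr_period()} distinct non-zero states")
```

A reader can only check the structure of a nonce, not its secrecy, which is the point: once the first 16 bits of a nonce are seen, the rest of the authentication is predictable, and the same state reappears every 65535 clock ticks after power-up.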

Types of attacks

In this section, we discuss the types of attacks that can be used against vulnerable RFID cards and systems. With the exception of the relay attack, which works even against cards with sound cryptography, these attacks apply to systems that grant access based only on the UID or that use chips whose encryption has been broken. 

Cloning 
There are many tools available that make it possible to clone an RFID card. Since systems often use the UID as the access credential, attackers can obtain the UID (or the keys, in the case of broken encryption) by reading the cards of legitimate users, and then either write that UID to a new card or emulate the card with a device held against the reader. 

One such tool used by attackers to obtain the UID and card content is the 'Tastic RFID Thief' (see Figure 5), made by the company Bishop Fox (see: Attack Tools – Bishop Fox Resources). It is a large HID MaxiProx reader modified to run on batteries with an Arduino, an LCD screen showing scanned badges, and an SD card reader that writes all scanned badges to a .txt file. This contraption can be used to covertly read cards from a distance (up to a meter) by hiding it in a backpack or bag, walking around the premises and getting close to employees and their badges. To see it in action, watch this scene from the (fictional) show Mr. Robot: Mr. Robot features the Tastic RFID Thief from Bishop Fox – 22July2015 – YouTube. This device can read both low frequency and high frequency cards. 

Figure 5: The Tastic RFID Thief by Bishop Fox. Image source: Attack Tools – Bishop Fox Resources

Once a card has been read and saved, attackers can use a 'Proxmark 3' (see Figure 6) to clone or emulate the card to a reader. This device is widely available on websites such as Amazon, eBay and AliExpress for around EUR 100. It is specifically designed to read, clone and emulate cards. Some versions can run in 'standalone' mode, which lets the user perform the clone functions without a laptop, which is useful in a covert operation. The Flipper Zero (see: Flipper Zero — Portable Multi-tool Device for Geeks), which has gained much popularity since its introduction, has similar capabilities. 

Figure 6: A Proxmark 3 Easy. Image source: Proxmark 3 Easy | Proxmark

If the access system does not rely on the UID alone but requires authenticated, encrypted communication using keys stored on the card, the Proxmark 3 can also be used to obtain these keys. On MIFARE Classic cards the memory is divided into sectors, and each sector is protected by its own pair of keys. Sometimes these keys are still the factory defaults or other well-known values, and the Proxmark 3 can simply try its built-in dictionary against every sector. If no default key works but at least one sector key is known, the attacker can perform a 'nested attack': after authenticating to the sector with the known key, the attacker requests authentication to another sector. The card answers with its nonce (a pseudo-random number meant to make sure the communication cannot be replayed) encrypted under that sector's key, but because the nonce generator is so weak the attacker can predict the nonce, recover the key stream from it, and from that the key of the next sector (see: Legitimate-reader-only attack on MIFARE Classic – ScienceDirect). 

Once the UID and the keys of the card have been acquired, they can be written to so-called 'magic cards'. These cards behave like their genuine counterparts from NXP or HID, but the block that holds the UID can be rewritten, which is what gives them their 'magic' name. Some generations of magic cards can be detected if your system is set up to do so: the first generation answers to a special 'backdoor' command that genuine cards ignore, so a reader can probe for it, but later generations hide this behaviour and are indistinguishable from genuine cards over the air.

In the real world, this means that attackers could gain access to your facility with a clone of an employee's card, or, in the case of a supply chain, clone asset trackers and disrupt the tracking system. 

Relay attacks
The Proxmark 3 can also be used for relay attacks (see Figure 7). In a relay attack the attacker does not need to clone or break the card at all: the genuine card is used while its owner is far away from the reader. One device (a Proxmark 3 or an NFC-capable phone) is held near the victim's card, and a second device is held against the reader; the two are linked over Wi-Fi or Bluetooth and forward every message between card and reader in real time, so the reader believes the genuine card is present and grants access. The relay has to be real-time because the reader and the card perform a cryptographic challenge-response exchange with freshly generated nonces, which the attacker cannot answer on the card's behalf (see: ProxPi Relay Attack | bi0s). 

Figure 7: Relay attack on the access badge of a security guard

In the real world, this means that attackers can enter your premises using an employee's card without ever creating a clone, and strong cryptography on the card does not help. The attack is difficult to detect unless the reader enforces strict response-time limits: the relay link adds latency that a genuine card held against the reader does not have. In the case of supply chains, a tracker on an asset still in the factory could be relayed to a reader at a client's distribution center, making it look as if the asset has already been sold and shipped.    

Replay attacks 
A replay attack is similar to a relay attack, except that previously recorded communication from a card is played back to a reader. If the attacker can get near the card while it is used at a legitimate reader, the Proxmark 3 can sniff the communication between them; the recording is saved and later replayed to the reader to gain access. Since the replayed communication is not real-time, a fresh cryptographic challenge from the reader cannot be answered by the recorded data, so this attack only works easily when the attacker already knows what response the target chip would give to each challenge. That is the case when the system only checks the UID, or when the encryption is broken (see: Attacks on RFID protocols (iacr.org)). In the real world, this has the same impact as cloning.
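The cloning, relay and replay attacks described in the three sections above, as an added example that is not code from the original post: a toy reader/card model in which a UID-only reader accepts a clone, a challenge-response reader rejects the clone and a replayed transcript but still accepts a real-time relay, and a response-time bound on the reader catches the relay. The cipher is HMAC-SHA256 over the reader's nonce and the UID (real cards use ciphers such as AES or Crypto-1, but the protocol logic is the same); the UID, key, latencies and the virtual clock are constructed for this example.

```python
# Added example, not code from the original post. Models a reader with two
# policies and three kinds of rogue card: a clone that only knows the UID, a
# replay of a sniffed transcript, and a real-time relay to the genuine card.
# All identifiers, keys and timings are constructed for the example.

import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


class VirtualClock:
    """Deterministic clock so the timing check does not depend on the host."""
    def __init__(self) -> None:
        self.t = 0.0

    def now(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


class Card:
    """A genuine card (has the key) or a clone that only knows the UID (key=None)."""
    AIR_TIME = 0.001  # assumed time a card in the field needs to answer

    def __init__(self, uid: bytes, key: Optional[bytes], clock: VirtualClock) -> None:
        self.uid, self.key, self.clock = uid, key, clock

    def respond(self, nonce: bytes) -> Optional[bytes]:
        self.clock.advance(self.AIR_TIME)
        if self.key is None:
            return None  # a clone with only the UID cannot compute the response
        return hmac.new(self.key, nonce + self.uid, hashlib.sha256).digest()


class ReplayedCard:
    """Plays back one (nonce, response) transcript sniffed from a genuine session."""
    def __init__(self, uid: bytes, transcript: Tuple[bytes, bytes], clock: VirtualClock) -> None:
        self.uid, self.transcript, self.clock = uid, transcript, clock

    def respond(self, nonce: bytes) -> bytes:
        self.clock.advance(Card.AIR_TIME)
        return self.transcript[1]  # the recorded answer, whatever the new nonce is


class RelayedCard:
    """Forwards each challenge to the genuine card over a link with extra latency."""
    def __init__(self, genuine: Card, link_latency: float, clock: VirtualClock) -> None:
        self.uid, self.genuine, self.latency, self.clock = genuine.uid, genuine, link_latency, clock

    def respond(self, nonce: bytes) -> Optional[bytes]:
        self.clock.advance(self.latency)  # Wi-Fi/Bluetooth round trip
        return self.genuine.respond(nonce)


class Reader:
    """policy='uid' trusts the UID; policy='challenge' verifies a keyed response.
    max_rtt, if set, rejects answers slower than a card in the field could give."""
    def __init__(self, db: Dict[bytes, bytes], policy: str, clock: VirtualClock,
                 max_rtt: Optional[float] = None) -> None:
        self.db, self.policy, self.clock, self.max_rtt = db, policy, clock, max_rtt

    def authenticate(self, card) -> bool:
        if card.uid not in self.db:
            return False
        if self.policy == "uid":
            return True                    # the whole check: a copied UID passes
        nonce = os.urandom(16)             # fresh per session, so replays fail
        t0 = self.clock.now()
        response = card.respond(nonce)
        rtt = self.clock.now() - t0
        if response is None:
            return False
        expected = hmac.new(self.db[card.uid], nonce + card.uid, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return False
        return self.max_rtt is None or rtt <= self.max_rtt


def run_scenarios() -> Dict[str, bool]:
    clock = VirtualClock()
    uid = bytes.fromhex("04a1b2c3")                              # constructed UID
    key = bytes.fromhex("00112233445566778899aabbccddeeff")      # constructed key
    genuine = Card(uid, key, clock)
    db = {uid: key}
    uid_reader = Reader(db, "uid", clock)
    cr_reader = Reader(db, "challenge", clock)
    bounded_reader = Reader(db, "challenge", clock, max_rtt=0.005)

    clone = Card(uid, None, clock)                               # UID on a magic card
    sniffed_nonce = os.urandom(16)                               # one recorded session
    replay = ReplayedCard(uid, (sniffed_nonce, genuine.respond(sniffed_nonce)), clock)
    relay = RelayedCard(genuine, link_latency=0.050, clock=clock)

    return {
        "clone vs UID-only reader": uid_reader.authenticate(clone),
        "clone vs challenge-response reader": cr_reader.authenticate(clone),
        "replay vs challenge-response reader": cr_reader.authenticate(replay),
        "relay vs challenge-response reader": cr_reader.authenticate(relay),
        "relay vs reader with 5 ms response bound": bounded_reader.authenticate(relay),
        "genuine card vs reader with 5 ms response bound": bounded_reader.authenticate(genuine),
    }


if __name__ == "__main__":
    for scenario, granted in run_scenarios().items():
        print(f"{scenario}: {'ACCESS GRANTED' if granted else 'denied'}")
```

The response bound is a crude stand-in for distance bounding: a real reader cannot measure time as cleanly as the virtual clock here, and relay hardware keeps getting faster, which is why the practices section pairs timing constraints with a second factor rather than relying on either alone.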

Brute forcing readers
As mentioned above, each RFID card has a UID. Usually this UID is a random number assigned by the manufacturer and cannot be changed. However, on some low frequency cards the identifiers are issued sequentially; examples are the HID Prox II and low frequency Indala cards. High frequency cards can also be sequential, such as some NXP MIFARE cards (see: PowerPoint Presentation (smartlockpicking.com)). When such cards are used in an RFID implementation, an attacker can brute force the reader: starting from a known UID of the target system (for instance read from one employee's card), the attacker emulates the card with the next number up or down, and so on. Against randomly assigned UIDs this attack is not attractive: a 4-byte UID gives 2^32, roughly 4300 million, possible values (see: Security with RFID/NFC at 13.56 MHz – RFID / NFC Networking Guide (libelium.com)), and a reader only accepts a few attempts per second, so the search would take years. Against sequential issuance the valid UIDs lie in a small range around the known one and the search takes minutes to hours. In access control systems the impact depends on how privileges are assigned: if a system grants more privileges (for example access to areas reserved for higher privileged personnel such as security guards) to neighbouring UIDs, the attacker achieves what is known as privilege escalation. In supply chain applications attackers can cause a reader to register random assets, confusing the entire system about the number and location of assets. In both applications, attackers favour readers that are not under surveillance and infrequently used, where a Proxmark 3 can be mounted on the reader to run the brute force attack for extended periods of time without interruption.

Backend attacks
These attacks use the memory of the RFID chip to deliver malicious input to the backend of the system (e.g., databases, middleware). Although they are not common, as they are quite advanced, they have been shown to be feasible by researchers. The classic case is SQL injection: the tag's memory contains SQL fragments that the middleware pastes into a query, which can then read, modify, delete or shut down the database. RFID memory can also carry a worm (a program that copies itself to other systems to exploit vulnerabilities) or a virus. Researchers at the Vrije Universiteit Amsterdam showed that RFID tags have enough writable memory to exploit vulnerabilities in the databases and middleware of RFID implementations, and provided a proof of concept by writing self-replicating malware to an RFID tag (see: rfid_malware.dvi (vu.nl)). This can significantly affect both access control and supply chain applications. For example, if these systems keep their records in a Structured Query Language (SQL) database, an injected statement could delete all employee cards, locking everyone out of the premises, or, in the case of supply chains, corrupt critical inventory databases. 
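To show what such a backend mistake looks like, here is an added example (not code from the original post or from the cited paper) of a minimal RFID middleware backend in Python with SQLite. It looks up and relocates assets by the identifier read from a tag's memory; the vulnerable version pastes the tag payload into SQL, while the hardened version validates the identifier format and uses a parameterised query. The table, rows, identifier format and hostile payload are all constructed for this example.

```python
# Added example, not code from the original post: a toy RFID backend that
# trusts tag memory (vulnerable) next to one that validates it and uses
# parameterised queries (hardened). Table contents and the tag-id format
# are assumptions of this example.

import re
import sqlite3
from typing import Dict, List, Tuple

TAG_ID_FORMAT = re.compile(r"^[A-Z][0-9]{4}$")  # assumed asset-id format, e.g. A1001


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE assets (tag_id TEXT PRIMARY KEY, description TEXT, location TEXT);
        INSERT INTO assets VALUES ('A1001', 'Pallet of printers', 'Warehouse 3');
        INSERT INTO assets VALUES ('A1002', 'Server rack',        'Warehouse 3');
        INSERT INTO assets VALUES ('A1003', 'Forklift battery',   'Loading bay');
    """)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, tag_payload: str) -> List[Tuple[str, str]]:
    # Tag memory is pasted straight into the query as if it were a clean id.
    sql = f"SELECT description, location FROM assets WHERE tag_id = '{tag_payload}'"
    return conn.execute(sql).fetchall()


def record_scan_vulnerable(conn: sqlite3.Connection, tag_payload: str, reader_location: str) -> int:
    # Same mistake on the write path; returns the number of rows changed.
    sql = (f"UPDATE assets SET location = '{reader_location}' "
           f"WHERE tag_id = '{tag_payload}'")
    return conn.execute(sql).rowcount


def lookup_safe(conn: sqlite3.Connection, tag_payload: str) -> List[Tuple[str, str]]:
    if not TAG_ID_FORMAT.match(tag_payload):
        return []  # reject anything that is not a well-formed id (and log it)
    return conn.execute(
        "SELECT description, location FROM assets WHERE tag_id = ?", (tag_payload,)
    ).fetchall()


def record_scan_safe(conn: sqlite3.Connection, tag_payload: str, reader_location: str) -> int:
    if not TAG_ID_FORMAT.match(tag_payload):
        return 0
    return conn.execute(
        "UPDATE assets SET location = ? WHERE tag_id = ?", (reader_location, tag_payload)
    ).rowcount


def run_demo() -> Dict[str, object]:
    conn = setup_db()
    # Payload an attacker wrote to a tag's user memory: it closes the quoted
    # string and appends a condition that is always true.
    hostile_tag = "' OR '1'='1"
    results: Dict[str, object] = {
        "vulnerable lookup rows": len(lookup_vulnerable(conn, hostile_tag)),
        "safe lookup rows": len(lookup_safe(conn, hostile_tag)),
        "safe lookup of a genuine id": lookup_safe(conn, "A1001"),
        "safe update rows": record_scan_safe(conn, hostile_tag, "Distribution center"),
        "vulnerable update rows": record_scan_vulnerable(conn, hostile_tag, "Distribution center"),
    }
    # After the vulnerable update every asset appears to be at the reader's site.
    results["assets now at distribution center"] = conn.execute(
        "SELECT COUNT(*) FROM assets WHERE location = 'Distribution center'"
    ).fetchone()[0]
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Note that the single-quote in the payload is enough; no statement separator is needed, and the same tag could carry a payload that targets any other string-built query in the middleware, which is why the fix is parameterisation plus format validation rather than filtering one character.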

Good security practices

Now that we have determined that many RFID cards and implementations can be (inherently) insecure, it is best to adhere to the following good security practices to mitigate these risks:

  • Do not use static information, such as the UID, as authentication information. Always authenticate the card with a cryptographic challenge-response mechanism based on a standardized cipher and per-card (diversified) keys, as offered by cards such as the NXP MIFARE DESFire EV1 or later, or MIFARE Plus. This prevents cloning of the cards, brute force attacks and replay attacks, but not relay attacks, which need the measures below.

  • Implement two-factor authentication in addition to card authentication, such as a personal identification number (PIN) or biometrics, so that a cloned, replayed or relayed card alone is not enough to gain access. 

  • Implement time-in and time-out constraints for cards and trackers in your system: limit how often a card or asset can be registered within a given timeframe, and how long a reader waits for the card to answer. This makes cloning, replaying, relaying and brute forcing more difficult. 

  • Actively monitor security access gates with readers, and limit the number of incorrect cards a reader will accept attempts from, so that brute force attacks can be detected. Such attacks are easy to recognise: they show up as a long series of unknown cards at a single reader, often with consecutive identifiers, and take a long time to complete.

  • Implement input validation and parameterized queries in the backend systems, treating everything read from a tag as untrusted, to limit the risk of backend attacks through malicious injection.
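The brute force attack from the 'Brute forcing readers' section and the monitoring recommended in the list above, as an added example that is not code from the original post: a small detector run over reader logs. It keeps a sliding window of denied reads per reader, raises an alert when more than a threshold of unknown cards are denied within the window, and marks the alert as a sequential sweep when the denied identifiers are consecutive. The log line format, reader names, identifiers and timestamps are all constructed for this example.

```python
# Added example, not code from the original post: detection of UID brute force
# against a reader from its access log. The log format and every entry below
# are constructed for the example.

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) reader=(?P<reader>\S+) "
    r"uid=(?P<uid>[0-9A-F]{8}) result=(?P<result>GRANTED|DENIED)$"
)


def parse_line(line: str) -> Tuple[datetime, str, int, str]:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["reader"], int(m["uid"], 16), m["result"]


def detect_bruteforce(lines: List[str], window_s: int = 60, max_denied: int = 10) -> List[Dict]:
    """Sliding window of DENIED reads per reader; one alert per filled window."""
    recent: Dict[str, Deque[Tuple[datetime, int]]] = defaultdict(deque)
    alerts: List[Dict] = []
    for line in lines:
        ts, reader, uid, result = parse_line(line)
        if result != "DENIED":
            continue
        q = recent[reader]
        q.append((ts, uid))
        while q and (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= max_denied:
            uids = [u for _, u in q]
            steps = {b - a for a, b in zip(uids, uids[1:])}
            alerts.append({
                "reader": reader,
                "first": q[0][0],
                "last": ts,
                "denied": len(q),
                "sequential": steps in ({1}, {-1}),  # every step +1 or every step -1
                "uid_range": (f"{min(uids):08X}", f"{max(uids):08X}"),
            })
            q.clear()  # start a fresh window so one sweep does not alert on every line
    return alerts


def build_sample_log() -> List[str]:
    """Constructed log: normal traffic at DOOR-01 plus a 40-card sequential sweep at DOOR-07."""
    def fmt(ts: datetime, reader: str, uid: int, result: str) -> str:
        return f"{ts:%Y-%m-%dT%H:%M:%SZ} reader={reader} uid={uid:08X} result={result}"

    t0 = datetime(2024, 3, 2, 2, 14, 0, tzinfo=timezone.utc)
    lines = [
        fmt(t0, "DOOR-01", 0x1A2B3C4D, "GRANTED"),
        fmt(t0 + timedelta(seconds=5), "DOOR-01", 0x1A2B3C4E, "DENIED"),  # one stray miss
        fmt(t0 + timedelta(seconds=9), "DOOR-01", 0x1A2B3C4D, "GRANTED"),
    ]
    for i in range(40):  # attacker emulates 0A1B2C00, 0A1B2C01, ... one card per second
        lines.append(fmt(t0 + timedelta(seconds=30 + i), "DOOR-07", 0x0A1B2C00 + i, "DENIED"))
    return lines


if __name__ == "__main__":
    for alert in detect_bruteforce(build_sample_log()):
        print(f"{alert['reader']}: {alert['denied']} unknown cards between "
              f"{alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}, "
              f"range {alert['uid_range'][0]}..{alert['uid_range'][1]}, "
              f"sequential={alert['sequential']}")
```

The single denied read at DOOR-01 never fills a window and produces nothing, while the sweep at DOOR-07 raises an alert every ten attempts; the same window logic can also drive the lockout suggested above by refusing further attempts at a reader once an alert fires.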

Conclusion

In short, RFID technology has existed for many decades, but even modern cards can pose a huge vulnerability in your RFID-based security environment if they are not implemented well. The main risks are that attackers can gain access to your premises through cloning, replay, relay and brute-force attacks. They can also disrupt the access of all employees with a card through backend attacks. If your supply chain relies on RFID technology to keep track of assets, a vulnerable implementation can allow attackers to manipulate the administration of your assets through cloning, replay, relay, brute forcing and backend attacks. 

These risks stem from the use of cards whose encryption is broken or which rely only on the UID of the card as an identification measure. We therefore recommend that you use cards whose encryption is standardized and that you use their keyed memory for authentication in addition to the UID. To further strengthen your security, implement two-factor authentication, time-in and time-out constraints, monitoring of readers, and input validation to prevent backend attacks.