The world's first RFID hacking tool released at Black Hat

Las Vegas, USA - RFDump, an Open Source RFID hacking tool, was released on July 28 at the Black Hat computer security convention.

Lukas Grunwald, a senior consultant with DN-Systems Enterprise Solutions GmbH and a contributor to the German magazine Heise, gave a talk about RFID vulnerabilities at Black Hat 2004.

Lukas warned that blind adoption of RFID is leaving gaping security holes for hackers to exploit. He released a program called RFDump which lets you read and display all metadata within an RFID tag and also modify the user data using a text or hex editor. He wrote this program to demonstrate how consumers can protect themselves by wiping out RFID data after purchasing a product but he acknowledges that it would be trivial to abuse this behavior.

What, you might ask, can you do if you hack an RFID tag ? Well as the technology is adopted more widely a thief could conceivably mark down the price of an expensive piece of jewelry before paying for it at an automated checkout counter, underage hackers could purchase alcohol or adult movies, and pranksters could simply reprogram the inventory of an entire store by just walking up and down the isles. ’The people who will be using this (shopkeepers) don’t know much about technology,’ Grunwald warned."

For our Black Hat Day 2 coverage, we will include a video interview with Lukas in both English and German.

Link to the Share: