
Not all RFID cards are created the same. Most RFID cards that are some kind of "smart" (i.e. contactless bank cards, subway tickets) conform to the ISO/IEC 14443 standard, which mandates the use of a ~13.5 MHz carrier to communicate between the reader and the card. This is "the NFC" as your phone understands it.

Proximity cards used for door access usually have the 125kHz carrier compatible with the EM-Marin EM4100. No cell phones I know of have an antenna for this frequency range; therefore, no phone can read, clone or emulate an EM-Marin proximity card.

Since the HID Proxcard II is a "value priced 125 kHz proximity card", you cannot use a phone to read it.

Assuming you could read signals to/from a key-fob/HID-card, isn't there some encryption involved that would prevent merely repeating the signal to "clone" a key-fob?

You can't clone it as many do challenge response but you can relay it - check out NFCgate for example.

This would allow you to, say, hold one device to the reader and one against someone's pocket to open a door.

Or to share an NFC transit pass between multiple people over the internet.

Search for "distance bound protocol" if you want to read about current crypto research to prevent relaying.

There are some interesting attempts at these protocols but most of them rely on multiple powered devices, not induction powered smartcards which inherently adds delay and not necessarily predictable delay.

No one has a proven system for doing this in today's smartcards to my knowledge. Though there is some research which promises this may be possible in the future.

Even those proximity car locks do a horrible job of distance bounding - many of them do it off RF level which means an attacker merely needs an amplifier to steal your car - and that offers an almost optimal situation for the application. So I think we'll probably see it there before smart cards. Maybe the timers necessary make this cost prohibitive though. I'm not in a position to say one way or the other.
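The relay problem and the distance-bounding idea from the comments above, as an added simulation that is not part of the thread or of any real product: a verifier runs a Brands-Chaum-style rapid bit exchange (one random challenge bit per round, a pre-committed one-bit answer back) and accepts only if every answer is correct and every round trip stays under a timeout. A relay forwards the correct answers, so only timing gives it away; the example also shows the point made about induction-powered cards, whose unstable processing delay forces the verifier to loosen the timeout, which in turn widens the distance it can actually prove. All latencies, jitter values and the relay delay are constructed numbers, not measurements.

```python
import random
from dataclasses import dataclass

C_M_PER_NS = 0.299792458  # speed of light, metres per nanosecond


@dataclass
class Prover:
    """Simulated card. m0 and m1 are the pre-committed one-bit answers
    (Brands-Chaum style): in round i the card answers m1[i] to challenge 1
    and m0[i] to challenge 0. latency_ns is its processing delay and
    jitter_ns the +/- spread around it (constructed values)."""
    m0: list
    m1: list
    latency_ns: float
    jitter_ns: float = 0.0

    def respond(self, i, challenge, rng):
        delay = self.latency_ns + rng.uniform(-self.jitter_ns, self.jitter_ns)
        return (self.m1[i] if challenge else self.m0[i]), delay


@dataclass
class Result:
    accepted: bool
    wrong_responses: int
    late_rounds: int
    max_rtt_ns: float


def run_exchange(prover, distance_m, relay_delay_ns, n_rounds, max_rtt_ns, seed=1):
    """Verifier side of the rapid bit exchange. Each round: send a fresh random
    challenge bit, time the answer, accept only if every answer is correct AND
    every round trip stays under max_rtt_ns. relay_delay_ns models the extra
    latency a relay adds (two radios plus whatever link joins them)."""
    rng = random.Random(seed)
    propagation_ns = 2 * distance_m / C_M_PER_NS  # out and back at light speed
    wrong = late = 0
    worst = 0.0
    for i in range(n_rounds):
        challenge = rng.randint(0, 1)
        answer, processing_ns = prover.respond(i, challenge, rng)
        rtt = propagation_ns + processing_ns + relay_delay_ns
        worst = max(worst, rtt)
        # The verifier learns m0/m1 from the commitment phase (simplified here).
        expected = prover.m1[i] if challenge else prover.m0[i]
        if answer != expected:
            wrong += 1
        if rtt > max_rtt_ns:
            late += 1
    return Result(wrong == 0 and late == 0, wrong, late, worst)


def distance_bound_m(max_rtt_ns, assumed_latency_ns):
    """Upper bound on the card's distance that a given timeout proves, once the
    processing latency assumed for a genuine card is subtracted. Every
    nanosecond of latency uncertainty widens the bound by about 15 cm."""
    return C_M_PER_NS * (max_rtt_ns - assumed_latency_ns) / 2


def make_prover(latency_ns, jitter_ns, n_rounds, seed=7):
    """Build a prover with random pre-committed answer strings."""
    rng = random.Random(seed)
    return Prover([rng.randint(0, 1) for _ in range(n_rounds)],
                  [rng.randint(0, 1) for _ in range(n_rounds)],
                  latency_ns, jitter_ns)


if __name__ == "__main__":
    n = 32
    powered = make_prover(50.0, 2.0, n)    # e.g. a battery-powered fob: stable timing
    passive = make_prover(50.0, 30.0, n)   # induction-powered card: unstable timing
    print("genuine powered tag, 5 cm  :", run_exchange(powered, 0.05, 0.0, n, 60.0))
    print("same tag via 500 ns relay  :", run_exchange(powered, 0.05, 500.0, n, 60.0))
    print("genuine passive card, 5 cm :", run_exchange(passive, 0.05, 0.0, n, 60.0))
    print("passive card, loose timeout:", run_exchange(passive, 0.05, 0.0, n, 90.0))
    print("bound at 60 ns / 90 ns     :", distance_bound_m(60, 50), distance_bound_m(90, 50))
```

With the tight 60 ns timeout the relayed session is rejected purely on timing (all answers are correct), but the jittery passive card is falsely rejected too. Loosening the timeout to 90 ns admits the passive card and also any relay that adds less than the slack, and the provable bound grows from about 1.5 m to about 6 m.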

Nope, an EM4100-compatible card (or a key fob) is just a 64-bit ROM with radio interface. You can read its value and replay it to a reader; the latter won't be able to tell the difference between the original card and your spoofed one.

Better (and more expensive) RFID tags may have an encrypted communication protocol.
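What the 64-bit ROM of an EM4100-compatible tag actually carries, as an added example that is not part of the thread or of any vendor's code: an encoder and a checking decoder for the published frame layout (9-bit header of ones, ten rows of 4 data bits plus even row parity, four even column parity bits, a 0 stop bit). The parity bits only detect read errors; every bit is a fixed function of the 40-bit ID, which is why a reader has nothing to distinguish a replay from the card. The tag ID used below is a constructed value.

```python
HEADER = [1] * 9   # nine leading one-bits; no valid frame body contains a run that long
FRAME_BITS = 64


def encode_em4100(tag_id: int) -> list:
    """Lay out a 40-bit ID as the 64-bit EM4100 frame. By convention the first
    8 bits are the version/customer ID and the remaining 32 the serial number,
    but the framing treats all ten nibbles alike. Nothing here is secret."""
    if not 0 <= tag_id < (1 << 40):
        raise ValueError("EM4100 ID must fit in 40 bits")
    bits = list(HEADER)
    column_parity = [0, 0, 0, 0]
    for r in range(10):
        nibble = (tag_id >> (4 * (9 - r))) & 0xF
        row = [(nibble >> (3 - j)) & 1 for j in range(4)]
        bits += row + [sum(row) % 2]                      # 4 data bits + even row parity
        column_parity = [c ^ b for c, b in zip(column_parity, row)]
    bits += column_parity + [0]                            # 4 column parity bits + stop bit
    assert len(bits) == FRAME_BITS
    return bits


def decode_em4100(bits) -> int:
    """Inverse of encode_em4100 with full parity checking. Raises ValueError
    on a malformed frame, returns the 40-bit ID otherwise."""
    if len(bits) != FRAME_BITS or bits[:9] != HEADER:
        raise ValueError("missing 9-bit header")
    if bits[63] != 0:
        raise ValueError("bad stop bit")
    column_parity = [0, 0, 0, 0]
    tag_id = 0
    for r in range(10):
        row = bits[9 + 5 * r: 14 + 5 * r]
        data, parity = row[:4], row[4]
        if sum(data) % 2 != parity:
            raise ValueError(f"row {r} parity error")
        column_parity = [c ^ b for c, b in zip(column_parity, data)]
        tag_id = (tag_id << 4) | (data[0] << 3 | data[1] << 2 | data[2] << 1 | data[3])
    if bits[59:63] != column_parity:
        raise ValueError("column parity error")
    return tag_id


def split_id(tag_id: int):
    """(version/customer byte, 32-bit serial) view of a decoded ID."""
    return tag_id >> 32, tag_id & 0xFFFFFFFF


def frame_is_valid(bits) -> bool:
    try:
        decode_em4100(bits)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    frame = encode_em4100(0x3A00123456)   # constructed ID
    print("".join(map(str, frame)))
    print(hex(decode_em4100(frame)), split_id(decode_em4100(frame)))
    damaged = list(frame)
    damaged[20] ^= 1                      # one flipped data bit: row parity catches it
    print("single bit flip valid?", frame_is_valid(damaged))
```

Flipping two bits in the same row keeps the row parity intact, which is what the column parity is there to catch; the check below exercises both cases.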

