Hey you!
Prior to transcribing, please look at your style guide: https://wiki.c3subtitles.de/en:styleguide. If you have some questions you can either ask us personally or write us at https://webirc.hackint.org/#irc://hackint.org/#subtitles or https://rocket.events.ccc.de/channel/subtitles .
Please don't forget to mark your progress in the progress bar at the talk's website.
Thank you very much for your commitment!
======================================================================
Hello everyone. Physical keys are getting replaced more and more by electronic alternatives.
Also using RFID. And there are many pitfalls in RFID key access systems.
Our next speaker will shed a bit of light on what you can do wrong and how you can exploit it.
Please give a warm round of applause to Adrian Dabrowski.
[applause]
So, welcome to the RFID treehouse of horror.
Well, first a short overview. I will show you some centralized key systems used in Vienna, Austria.
There are apparently a lot of these key systems in Vienna,
but probably in other countries too.
Then I will take a short tour on explaining what RFID is and how it works, and then I tell you about my ... how to hack a city-wide access control system.
So let's start. Apparently, I think in other cities it's the same, but in Austria we have a lot of these centralized keys.
For example the WEZ-2000, the Wiener Einheitszylinder 2000.
[applause]
So it's the Vienna unified cylinder 2000.
Apparently from a time where everything sounded cool when you added 2000 to it.
So this is actually the key used by the fire brigade to open all the backyards, to open all the posts and gates and bars and parking spaces.
If you need a parking space or deliver something, this is the key you get.
There are other interesting keys.
Yes, actually, the regulations on this key: you are not forced to use a padlock that accepts this key.
But if this service needs access, they will break your padlock open and you will not get ...
Also, you are not allowed to use a padlock that has a security level that is too high.
Basically everyone uses this one.
The other interesting key, for example this one. It's for electrical cabinets, but then, like with other systems, there is some kind of application creep, similar to permission creep,
where someone aggregates permissions over time; keys, or actually all kinds of solutions, tend to aggregate additional use cases.
So for example this key was actually specified in the '60s only for authorized personnel for electrical installations.
And it's used indoors and outdoors, and in the meantime it is also used for circuit breakers, for gas, for heat, for water, for everything.
So basically, some power grid companies started to use another key now.
Since 2009 it is a magnetic key lock. It's very complicated, but actually every party in the house can get a key to access only the circuit breakers for their level and not the other ones.
But basically for all other buildings in Vienna they are just using this key.
And there is a third very interesting key that, when I talked to people abroad, they didn't believe me.
It's the Z/BG.
And this key actually is very interesting.
It allows you to enter almost all residential buildings in Vienna.
The story behind this is like this.
There was a time where the caretaker needed to be available at daytime, and when for example the post
wanted to deliver the mail, then the caretaker would open for them.
This obligation was canceled, and it was also the time where all the door intercom systems were installed.
So someone had the brilliant idea: let's put in a small cylinder that bypasses the door intercom system and just opens the door.
So this key is also used for garbage collection.
Because in Vienna all garbage is collected in small rooms that are accessible either from the staircase or from the outside.
So, actually, in the mid-nineties when I first came across this key, it cost like 150 or 200 Euro on the black market.
However, in recent years the price has fallen to something like 10, 15 or 20 Euros.
So, basically, it became very popular actually.
Because after the post delivery service used the key,
then additional services like in the case before got this key.
Some are official users like fire brigades and emergency services or garbage collection.
Then there was the Supreme Court decision. The newspapers made this decision, or went to the Supreme Court, because they wanted to deliver the newspaper to the front door. And then there were a lot of unofficial users, like advertising distributors, broking sales agents and maybe occasionally also homeless people or burglars. So since this key is now, yeah, it's become very popular on the black market, let's say, so since 2006 there is a new way to secure your door. But before I go to the next slide, actually: if you have the Z key and the power key, you don't need the key to every individual apartment in the building. Because when you get into the house and turn off the power, I think that people will come out by themselves. I just think so.

So since it's terribly insecure, since 2006 there is a new system. It's called game, and the system uses electronic chip cards or RFID cards and tries to evade all the shortcomings that these mechanical key systems have, like blocking stolen or lost keys, blocking duplication of keys. It's all the things that they are supposed to do, and also the new system allows the caretaker or the property management to distinguish between different user groups. It's a little bit small, but he can define if, for example, advertisement is allowed in the house or not. So as I said, it was introduced in 2006, and in 2009 it had about 4000 installations in Vienna. And last year it was something about 9000 installations. And by now this should have gone over 10000 installations. And since last year they're also expanding to other cities. The mechanical lock actually is used in wide parts of Austria, not only Vienna. I've seen the same key in Linz, in Melbourne, touring in Vienna, no doubt in Graz. So it's actually all over the eastern parts of Austria.

So these are some of the claims that the manufacturer makes. Yeah, maybe it's a little bit small. First they say it's unkillable, and second they have these testimonials like, "Oh, since I installed this lock, a series of break-ins has been stopped", and stuff like this. They started a big marketing crusade against the old mechanical system. However, fun fact, they are a 100 percent subsidiary of the company that is said to have invented the mechanical key in the 70s. So when this electronic key system was installed in my apartment building, I was like: challenge accepted. Later it even became my diploma thesis.

So now a small detour, because I had no idea about RFID and I looked at several RFID systems on the way. I'll show you first how RFID works, because RFID actually is not a standard, it's a concept. And depending on how far you get back into history and what books you read, they sometimes say our roots are in the Second World War, for friend-or-foe detection and stuff like this. However, nowadays you have quite a lot of different RFID systems. And yes, actually, before I show you the next slide: everyone who studied electrical engineering, please look away, because it's a real oversimplification of the thing, but I wanted to sort... It's for those people who have no idea of electrical engineering or physics. So basically you have all kinds of different frequencies, all kinds of different systems and physical properties these RFIDs rely on. Mostly it's like this: you have a passive transponder that gets its power supply and its clock and its data over the air, over some kind of physical channel, and then sends something back. There are other systems which are semi-passive, that have their own batteries, for example. In daily life you will mostly find 125 kilohertz tags, called low frequency tags, and 13 megahertz tags, called high frequency tags.

And basically it works like this. Let's think of a transformer. You probably know it from high school. So basically, you know, if you attach alternating current, it transfers power over a magnetic coupling to the secondary coil. So, where is my pointer here? So in the second picture you see, if I close the switch, I can transfer power, and I also transfer a clock signal because I have some alternating current. The second thing is how I can transfer data to the secondary coil, by simply switching the primary coil on and off. The third thing is, how can I transfer data back over this transformer? And this is done, in the systems I talk about, mostly by load modulation. Basically, if you add an additional load, then, because of conservation of energy, the current on the primary coil is also higher than before. So by switching some load on and off, you can transfer data back to the primary coil. Because of the distances, usually you have a completely different downlink protocol than an uplink protocol, because they are very different. However, you now have the four basic properties that are transferred over the air. So when I remove the transformer core and just pull it a little bit apart, I have something like an air transformer, and now I have a very bad coupling. But it's enough to transfer a little bit of energy and a little bit of data over this gap. So you can make some kind of tag out of this.

There are just very, very dumb RFID tags that just have a presence, or one-bit tags, you usually find for example in burglar alarms. You have tags that just produce an identification number, and then it goes up: memory tags, which have some kind of EEPROM or flash memory; crypto tags, which have crypto functions on them or cryptographically encode or encrypt the data channel. And then you have really wireless smart cards where you can even put your Java applets or cardlets on, some custom applications. Basically, there are a lot of ISO standards, a lot of proprietary standards and our ISO standards. However, they basically only specify a transport layer and mostly don't specify any encryption.

Just a short overview of which tools, more or less professional tools, you can find to debug RFID. So for example, on the left side you see the competent tool; it's a very neat device because you get Wireshark-style traces, you see on the bottom. However, this device costs, depending on the options, like 10 to 20 thousand euros. Then there is the Carpe diem attack, which costs about 600 to 700 euros. It's still a lot of money. And there is the Proxmark3, which you probably already heard of in CCC lectures in the previous years, which costs about 250 to 300 euros. However, yeah, the Proxmark is a very neat device that supports low frequency and high frequency tags. However, the software is kind of a potpourri of different styles and different qualities. And for what I needed for my project at this part, yeah, actually I had to rewrite a whole bunch of code. And after that I realized that I have to go deeper, because there were some issues with glitches, and then I decided to make my own simulator, but also because of other reasons. I will get to that later. Because, yeah, as you're seeing, they are all very expensive. And the thing is, I think a cheap exploit is a better exploit, because every time you have something like, "Oh yes, it's academically broken, but you need something like 10000 euros to break it", then every manufacturer will sit back and say, "Well, that's kind of a security." I mean, if it costs that much to break our system and you secure something that is less valuable than the cost of an attack, no one will do it. So you have to find very, very cheap attacks to circumvent these things.

So let's make a small detour about different RFID systems I encountered in Vienna. So for example, there is this NFC ticketing system by the local transport company in Vienna. Basically, you can touch your phone on the sticker and then you buy a pass. Funny thing about this one: I often get asked what's the difference between NFC and RFID, is it the same, because most people use it interchangeably. So actually, NFC is a higher protocol and data layer on top of the transport layer of RFID. You can use NFC on different card systems, but it then has a standardized data format. So, like the Participe, for example, or on other protocols. So you can buy these tickets, and the funny thing about these stickers is, don't get distracted by all the bubbles. The interesting thing is here on the 25th bubble. Basically, they use Mifare cards, and you group four memory blocks into one sector, and the last block is like the access control with all the keys and the access control permissions. And the funny thing is, when they were writing the tags, they had something like an off-by-one error. They started writing the security block always in the next sector, so firstly revealing the secret keys. And secondly, they left the unused sectors unprotected, so you can use it as a letterbox by leaving messages for your friends, by passing by with your phone.

Another thing is this brand of coffee machines you'll find in Austria, in universities, at airports and other places, office buildings, and they have this electronic purse, which is based on Mifare, actually. Karsten Nohl and others already presented, like five years ago, how Crypto-1 works and how you can break it. So it was like two minutes for me to see what's on this token. Then I just added one euro to it and made a diff, and could actually write any amount of money on the stack I'd like to have. Very interesting. I mean, it's like five years ago. They have no way of disabling this or getting a new system. I will come to this in my conclusion later on. Actually, that's a very hard problem, how to design an update path. Also, they use some kind of key that is derived from the unique ID of the cards. But basically, you either break this key or you can use UID-rewritable Mifare cards, which are available from China. Actually, I have not found any online countermeasures. They could make something like an offline history check or collect the data, because once a week a technician has to visit these machines, at least once a week, and refill it, and so I think they could collect all the data and then at least blacklist those cards that don't fit into a plausibility check. But they obviously don't. Just to make sure: I have not used any of these funds over the amount that I've charged it.

Another interesting key system that you find all over the place is this EM4102-based one. Actually, this is the kind of alarm and access control system you get in whole markets and hardware stores and electronics stores. Also, these are very, very dumb keys, because, as you remember from the pyramid, they only have this unique ID. And actually what they do is, whenever they get into a reading field, they just start to broadcast their ID in an endless loop. And actually I also know an insurance company in the center of Vienna that used this key system until something like a year ago, then they switched to a new one. And there is a very nifty chip from Atmel that is basically a radio frequency function generator, so it has an EEPROM and some kind of controller. And if you look into the data sheet, you will find: well, I can choose all kinds of modulation schemes, I can choose different data types, I can choose different devices. So basically it's a function generator, and by pure chance you can program it that way that it produces the same signal that an original chip would produce. I don't know why they developed something like this, but it's a very convenient device, and you find these Chinese copying machines: you just have to put your original key in and put this rewritable Atmel chip there, and it's copied.

Also, confronted with the low security of these huge city-based systems, the property or building management often states: well, yes, maybe it's not that secure, but it has one certain feature we are very proud of, and it's very convenient. It's blacklisting certain keys when they get stolen or when people lose their permission to enter the building. So I thought: interesting, is it really like this? I mean, OK, you have now something like a 48 or 64 bit key space, and searching it would take like hundreds of years. But is it really that secure? So I looked at a key system that basically works the same at my university. It's for the technical laboratories, electrical engineering laboratories. And what I found is, so I spoke with the administrator and she gave me an anonymized copy of the access control database. And then I made some very easy statistical analysis, just making a histogram of it. Basically it's a little bit small, but this is like you plot the key range on the x axis, and you see, well, basically almost all the keys are in one range. So I zoom in and I zoom in and I see like, oh, apparently they bought like five batches of cards. And where they are produced, they are numbered one by one. So basically that's somehow ineffective when you're blocking the IDs, because when the card gets stolen and you block this UID, I have to talk to you on the left. So when you just take it and add one up or down, you have a 93 percent probability of finding another valid UID. And with two up and down you have like a 98 percent probability. And basically, for these alarm systems or access control systems you buy in a hardware store, probably the numbers are not that small, but still you get one card and you know more or less the range where to look for other cards, because obviously they also bought these cards in batches. So one thing that the manufacturers of these cards should really do is randomize UIDs when they sell such insecure systems. So at least randomize it.

A nice project made by musician Eric, who has done a lot of talks in recent years at the CCC: this sniffing device actually uses just a USB audio adapter to sniff these 125 kilohertz tags. This is possible because the modulated data is in the range of four kilohertz and, well, you know the sampling theorem, so you need at least eight kilohertz, or maybe just six kilohertz. And you can sample it with your audio. So this is just a sniffing device. I wanted to build something as a side project for my talk. It's not finished, actually. But the idea was, well, let's build a device that just sweeps through an ID range, and it should be cheap. So the idea is I just take your phone and use the audio output to a small socket with a transistor, and it then modulates the signal and just sweeps through all the UIDs in a certain range. Actually, I wanted to present it here, but it wasn't finished by now, but I'll probably release it in two or three weeks. There are some key facts with it, because you have no return channel: you're not synchronized with the sender. However, my calculations showed that you only have to guess the carrier frequency within one percent, and the rest should be done by the Manchester encoding, which is self-synchronizing. So this should circumvent a lot of these whole-market systems.

I would like to talk about why I think that all these insecure systems will not go away that fast, even with such simple hacks as this. I forgot to mention something on the previous slide here, because actually, if you look at this block diagram, there is this analog front end. And when you want to build your own simulator for tags, you have to make an analog front end. And actually there's a lot of literature on how to build RFID readers, but almost none on how to build tags. Interestingly, however, as I show you later, it's actually not that complicated, because also the manufacturers want to make cheap tags, and so they just rely on very simple digital circuits and don't want to mess around with hybrid circuits.

So let's get back to the Big East system. So the first step is reconnaissance. I need to get a door unit. I don't want to steal the one that's in my apartment building. And I also don't own real estate that could be upgraded to the new system. So I contacted the general distributor. But they told me, well, actually, it's only sold by locksmiths and electricians, but they can name me some wholesale distributor, downstream distributor of the wholesale partner. And with the reference that I'm coming from this general distributor, the downstream distributor actually sold me one. And I dressed up a little bit and said, OK, I'm building on, I want to upgrade my building, and I even got a discount because I was a new customer and everything. Actually, last year I found there's now a web shop that also sells them, but back then there wasn't. So now I had this hardware device, took it apart, looked at it, identified some components and saw, OK, they're using some Texas Instruments chips for the RF front end. So I built a very small sniffer. And yeah, you see, it's very small. It's just a so-called envelope detector. And I could start it. This is a trace, an oscilloscope trace. You see some bits here appearing out of the signal. Terrible. Basically it's just a diode and a low-pass filter. So actually you could start decoding some bits, and it reassured me that I have to do with some card that is based on the ISO 15693 standard.

So the next thing was how to get real user cards. I mean, OK, for example, I could start as a volunteer at the Red Cross and then work my way up to the point where I get handed a card. But this takes like maybe a year. Hmm. Maybe I know someone at such an organization and he can lend me a card, but I don't know. So I cannot do this. You know, maybe I can buy a long range reader. However, long range readers are quite big and power consuming and heavy and very expensive, like they start at 2000 euros. And this is a picture of such gates. And seriously, I don't have the money for this. But what I had money for was some kind of, let's call it, midrange reader. It's like a reader that's 25 centimeters in diameter. And I packed a small microcontroller and a very big battery pack on it and a small external memory, and went to my post office. And really, for about five euros a day, I could convince them to send this parcel back home to me. So while it was in transit, it simply recorded all the keys; every few seconds it recorded all the keys in the vicinity. Also, I didn't trust the Austrian Post very much, so I put a very big battery on it. I didn't know how long it takes them. Yeah, and it worked on the first try. So I had the key samples. Yeah. So therefore I could show that everyone can get samples of these key cards without knowing anyone or investing a lot of money. Just a side note: what would happen if someone found this parcel suspicious and reported it to the police or something? I would probably have been woken up by the anti-terror squad. So that's why I put a small note into the parcel saying, OK, it's an experiment, here's my phone number. However, it didn't happen.

So the next thing was, yeah, I built a small sniffer and I wanted to extend it to an emulator, and then I wanted to do some testing, like fuzzing and systematic testing with the door opening unit. And actually it was kind of an interesting thing, because programming such a thing is quite tricky, because you have to keep the timing exactly to the original. And actually you start to program with the oscilloscope behind you, because every time you receive something, like in this case these are the bits that are coming in, or the demodulated signal, and actually it's the modulated signal, and then I have to demodulate it. And actually you start interweaving different loops, like you receive a bit and you try to decode it and then also to check some calculation, all while you're receiving. Because afterwards, when the request ends, you have actually almost no time to prepare an answer. You have to do all the things while you're receiving this. And also for sending it, like I've misused two PWM generators on this very cheap microcontroller that, like, trigger themselves, so the one triggers the other and the other way around. And it was quite an experience, but actually, yeah, I could then use this for systematic tests and use the emulation and card replay attacks, and I've designed it that way. This is my prototype over there, right? You can see here is the original door opening unit. This is my microcontroller. This is the analog front end and the discarded antennas, one stacked on another. And actually the whole set cost like less than 20 euros. I can briefly show you how it looks like. It's actually quite simple. I was surprised that the front end actually isn't that hard. I mean, I've never studied electrical engineering, but basically you have here your resonant circuit, you rectify it and then you have an output transistor here and an input buffer. And yeah, that's everything. And then you feed it into your microcontroller and write your program.

With all the testing equipment, now I could build a model of the inner workings. So a bit like this flowchart showing how it works, how the checks are, because it's kind of reiterating the existing cards. And also it has some kind of brute force protection. So every time I made a test, I had to simulate the removal of the card, which takes a little bit of time. But at the end I could analyze what different cards there are and how it supposedly works. So basically there are four types of cards. There are cards with encrypted data in them. They have, like, three sectors, which always have like three memory pages. These are the master card, ownership card and programming card. To work together, you need the ownership card with the programming card to make changes to the configuration of the device. And then there are the user cards, like these 10 groups; I showed one on the earlier slides. And there is one group that's called ball cards, or in former times it's called test cards. I looked it up using the Internet Wayback Machine, from the vendor's homepage. And the interesting thing is, the first sector is unencrypted, it just has some kind of checksum, and the second and third sector are somehow encrypted based on the UID of the card. However, yeah, the ball card only uses the first sector, so it's completely unencrypted. For whatever reason. So actually there are two main findings: the ball card and the rest of you, and the second one is that the manufacturer assumed that the UID is not duplicatable and not changeable. So that's, yeah, the wrong assumption that they made. I also did some, I'm not a crypto analyst, but I did some basic tests and brute forcing, but they didn't reveal much.

So now it's time for the evaluation. After all, it was my diploma thesis. So I went to 110 house entrances in Vienna and tested them. So basically, 92 percent of residential houses in Vienna use either the old mechanical key or the new electronic key. And out of these 92 percent, 16 percent use the new electronic variant. So actually I was able to transfer two ball cards onto old ski passes. And 43 percent of the installations could be opened with two ski passes. So what could be more Austrian than a ski pass? So the cost of this attack is like two euros deposit in the ski resort of your own choice. Also, I made a small Android app for my NFC phone to reprogram ski passes. I must say the Android RFID/NFC API is really terrible. Yeah. So now, as I said, 43 percent could be opened with a reprogrammed ski pass, 80 percent, 93 percent could be opened with the card simulator. What's with the seven percent rest? I'm not really sure, because it was like, yeah, I didn't know, maybe the lock is broken or maybe some other thing I couldn't test for. Also, it was quite funny, because I was a little bit afraid, OK, I'm going around in the city and testing all the entrances, so I made up some kind of cover story. I got this workers' check jacket to look like a technician. But actually, no one cares. So, yeah, as I already said, the card emulator can be built for something like a little bit less than 20 euros. Even if you have to produce your own PCB in a petrol form for 10 pieces and then buy all the parts, it's less than 20 euros. Which shows, thank you, which shows that you can actually circumvent the new system with almost the same amount of money that you could circumvent the old mechanical system with. So no additional security at all, actually. And a funny thing I found is, on their homepage they didn't mention the blacklisting feature. So. And there are different variants of this lock, and the basic variant, it's called Basic, costs like 300 euros including the installation, and there is a 600 euro variant that has a blacklisting feature. And additionally you have to buy a yearly fee, an annual fee, for this blacklisting feature. And this is actually a picture from the Facebook page showing how they update the blacklist. So, if you read the contract now, it's not, you don't want any more white, there is only one blacklist update per
year included. So actually, even if you have this premium look and you'll pay for the updates, a stolen key, even for one, for non-recognition, even if you don't know all the stuff I told you about now in the last minutes, Diski still has a value because it maybe gets blocked a year later. Also, the basic devices don't have a blacklist feature at all. I mean, come on, seriously, it's 2013. They are like just modules for 20 or 30 dollars. You could build a built in one in every block, but OK. So just for a black box analysis of the biggie, a key system, the four main points are the circumventing. The cost of the materials are more or less the same. Like the mechanical system, there's no additional security offered, no practical use. Then they used an inappropriate card format. Assuming that the UID is fixed and not Clonmel, the the basic design is somehow broken and also their default configuration, like up until 2009, it was like the default configuration to enable the bulk card. Later, they changed it. And also that the blacklist features just once a year. That's ridiculous. However, so customers should actually should not expect any significantly higher security of the new system than of the old system. And it could care less or something like this. So the other question that comes to your mind probably is why will crappy security solutions accompany us and have such a long lifetime? By the way, all this things that we show that are broken don't go away. And the first answer is users don't care. Because you always get to smoke and mirrors and and nice marketing sayings from the companies. And every time you present an attack, let that cost like €10000, the company will say, Yeah, well, see €10000 just protect things that are less valuable and no one will use this attack. Because, yeah, don't attack us are not insane. The other thing is that like in this in this sample with the coffee machine, this is a prime sample, also this one. Vendors somehow did not realized
that the need to build in an update plan in mind in software for every one of us, it's clear for like ten years now that whenever you have a security solution, you are in the kind of arms race we've seen with the dark side of the world. So you need some kind of update mechanism and update path, and you cannot make online updating of your program code in heart to that easy. However, for example, black lists could be updated by GSM and but also like with with the coffee machine. If you design this electronic purse like to be modular and to have an update plan that when you decide to change your card format, you first replace your your reader modules and then step by step, replace all the cards in the field and then you switch to the new format and something like this. If you build this in from the very beginning, then you have a chance to do it. Otherwise, you will will face very severe costs, and this is something that people that buy the system should be aware of that and should ask what? What is the lifetime, the supposed lifetime and what will? Thank you. What what is the way to upgrade it? Because no security solution lasts forever? Actually, as a nice example, with PTV cards in Germany, which have been broken multiple times and like Primera, learned it the hard way. But actually, it looks like that now. For several years, they they learned how to do it because yeah, you need a way to change, you know, some kind of lifespan for your security solution and you are prepared to change it after this lifespan. And if the security solutions stays unbroken for far longer time, then you have some. You make money out of it a little bit. You have to price it in, of course, from the beginning. And if not, you should be. You should should have all this procedures up in place to change all your cards and to change to the encryption system. Also, the other thing is that, like I mentioned before, the application creep that. Solutions that are in place are then later misused for
other things that are not designed for and you should. Always be aware that are probably not up to this high standards that you need for a new solution. So to sum up. So why am I doing this and generally security is not verifiable, only falsified. So you have if you have a new security solution, you have to go through a series of qualified attacks and only if you survive them, you can assume a certain level of security. And also, it's very I think it's very important to provide cheap exploits that are practicable, otherwise windows will always claim some kind of practical security. As I mentioned earlier. So my last word is the cheaper and exploits the better. And I hope you had a lot of fun and, yeah, built cheap exploits. Yes or no for the question, I probably first question will be, yes, I've informed the vendor of the system food served at Cert authorities in Austria. Thank you for this very entertaining talk. If you have questions for the speaker, please do line up at the hall microphones one two three four. And up there as well. While you do that, we have one question from the internet. OK. I don't really know if you already said it. What happens with the big cheese system? If you have a power shortage in the building or if the box where the system is in doesn't have any power? Yeah, well, then you still have to use the mechanical keys. But so far the emergency services won't get in. But a normal user of a normal apartment or an office building still gets in because he has his mechanical key. Microphone one, please. Hi. Just one information, one question in France, we have the same system since since 97. So it's pretty old now. And for the user keys for like the plus guy and the other put a restriction. So those kind of keys can be used between like after 2pm. So maybe some of I'd like to know if you encountered this kind of control measures might be some of the doors you can open. Well, you know, like New York wasn't allowed to open this door at that time. S
o this is a fear. If I had just seven percent of systems that I was asking if it was like something that was no, because in France, this is, oh, it works. Yeah, yeah, that that the premium variant of the system actually supports our clock based access controls. So maybe this was the case because it try to win versus infringements. We have a lot of old systems that don't work like this. So yeah, it's still easy to open microphone to please. Yeah, hi. Thanks for doing the exploit. You mentioned that you informed the companies. So what was their reply being from Vienna? And it sounds like it to be sure if like if you're losing. Yeah, actually, I've informed the Senate 80 people, and they informed the company, and like I've wrote one page of how I did this exploit and some possible solutions have the. What are the other car systems they could probably switch to and how they probably could make it? The only reaction of the manufacturer was like, they don't believe that this was an independent researcher. This is probably some other company. That's so that that is a challenge expected for me, so I will try to replicate that is your theory and your thesis available in the Bibliotheque? Yeah, it's available. Okay, thank you. Microphone four, please. I um, can't you just emulate these cards with your cell phone? Do you need a ski pass? Yeah. Well, the chip that is built in an Android NFC phones only has an immolation feature for ISO fourteen 400 43 cards and also up until the very last Android version. It wasn't enabled. You could use CyanogenMod and then use it, but actually it cannot emulate this system that I have have to deal here. So, no, not with with the chip that it's built in and usually Android phones. Microphone seven up there, please. Yeah, thank you very much for this. Great. Uh, yeah, that's what I wanted to ask is you use to one hundred twenty five kilohertz systems? And you mentioned the long range readers that are available. Do you know about long range read
ers for 13 megahertz systems? Yeah. Well, that one hundred twenty five kilohertz system was just a small detour to show your other systems. The biggest system works on 13 megahertz. And yes, actually, I found a company in Germany that sells them like form. That's 2000, starting at two thousand euros. There are some physical constraints. So the first thing is, as a rule of thumb, most literature says that you only get a distance like one and a half of the diameter of the antenna. And the second thing is there is a hard physical limit. That's because this magnetic coupling coupling only works in the so-called near field of antenna. So when you move out of the new field, there are several models how to calculate the new field, but in worst case, it's like free meters. Yeah, but yeah. Another question from our signal angel. So why are the commercially available RFID debugging tools so expensive? Is that due to a monopoly position or are they really that expensive due to the components used? It's basically no, it's not the components. I'm sure it's not the components. It's basically a design work. And because your prices on the market are are determined by what customers like to pay or yeah, what what they pay and not how much it thing costs. So yeah, you have this developer tools and a company that like wants to develop a new system and says, like, OK, I need something to test my equipment with and I could have a technician work for like one month on it. Or I can buy something for ten thousand euros and have my project finished a month earlier and don't have to pay my technicians. So for them, maybe a €10000 is acceptable. We have time for two more questions for microphone one. Hello. I wanted to ask a different question. Right at the start of your talk, you showed pictures of some of the keys for the old system. Yeah. And I'm wondering those symbolic pictures are those the actual keys used because especially the one the third key you showed looked like maybe five pins
or something. So it looked like some analog Treehouse of Horror. I'm not you mean that yeah, I have this picture with 125 kilohertz tanks, probably, yeah. I mean, the physical, the old system with the physical keys and locks. Oh, OK. So if if this is the actual key. Yes. Yes, it is. OK. I mean, yeah. So this basically lock pickers having I didn't show the sides, so it's not enough to make the key out of just off the picture. I wouldn't trust that. Yeah. Actually, actually, there's a nice controversy about wherever, whatever it's legal to copy this key, it's mechanical keys, but it's probably for not a talk for another 15 minutes. But I wrote about it in my master's thesis. Thank you. I'm going to ask you, please give him a warm round of applause.