Create an app that can record/store/transfer data from Bluetooth/RFID/NFC devices for covert exploitation of access controls.

Many Bluetooth devices are used to access vehicles, facilities and other targets of interest. Many default and proprietary Bluetooth devices are susceptible to replay attacks in which their transmissions can be recorded and then re-transmitted later, giving the same access one would be given if they actually had possession of the physical device. Some devices employ replay-countermeasures, but they are commonly ineffective and can often be bypassed. RFID and NFC are also methods used for access control, such as with ID badges.
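The replay weakness described above, and the kind of countermeasure a lock can use against it, can be shown with a small simulation. The following is an added example written from a defender's perspective, not code from the original post: it models a fixed-code credential that any recorded frame can reproduce, beside a challenge-response credential where the lock issues a fresh random nonce per attempt and rejects a nonce it has already consumed. The shared key, the static code, the nonce size and the dict used as a stand-in for a radio frame are all constructed for the example.

```python
"""Toy access-control verifier contrasting a fixed-code credential with a
challenge-response one. Added example; it assumes one shared key per
credential, 128-bit random nonces issued by the lock, and a Python dict
standing in for an over-the-air frame."""

import hashlib
import hmac
import secrets

KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key
FIXED_CODE = b"fob-1234"                                  # constructed static code


def fixed_code_lock(frame: dict) -> bool:
    """Lock that accepts any frame carrying the right static code.
    Whatever can record the frame can reproduce it later, unchanged."""
    return hmac.compare_digest(frame.get("code", b""), FIXED_CODE)


class ChallengeResponseLock:
    """Lock that issues a fresh random nonce per attempt and accepts only a
    MAC over that nonce; every nonce is consumed on first use, so a recorded
    response is recognisable as stale when it is presented again."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()   # nonces issued but not yet answered
        self.used = set()          # nonces already consumed (replay detection)

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, frame: dict) -> bool:
        nonce, tag = frame.get("nonce"), frame.get("tag")
        if nonce is None or tag is None:
            return False
        if nonce in self.used or nonce not in self.outstanding:
            return False  # stale or never-issued nonce: treat as a replay
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, tag)
        # Consume the nonce whether or not the tag verified, so it cannot
        # be retried after a failed guess either.
        self.outstanding.discard(nonce)
        self.used.add(nonce)
        return ok


def fob_respond(key: bytes, nonce: bytes) -> dict:
    """Legitimate credential: MAC the lock's nonce with the shared key."""
    return {"nonce": nonce, "tag": hmac.new(key, nonce, hashlib.sha256).digest()}


def replay_fixed_code() -> tuple:
    """Record one legitimate fixed-code frame, then present it again.
    Returns (first attempt accepted, replayed frame accepted)."""
    captured = {"code": FIXED_CODE}           # frame as it appeared on the air
    first = fixed_code_lock(captured)
    replayed = fixed_code_lock(dict(captured))
    return first, replayed


def replay_challenge_response() -> tuple:
    """Record one legitimate challenge-response exchange, then present the
    recorded response again on a later attempt.
    Returns (first attempt accepted, replayed frame accepted)."""
    lock = ChallengeResponseLock(KEY)
    captured = fob_respond(KEY, lock.challenge())
    first = lock.verify(captured)
    lock.challenge()                           # new attempt, new nonce
    replayed = lock.verify(dict(captured))     # old nonce already consumed
    return first, replayed


def forged_response_rejected() -> bool:
    """A response built without the key fails even against a fresh nonce."""
    lock = ChallengeResponseLock(KEY)
    nonce = lock.challenge()
    return not lock.verify({"nonce": nonce, "tag": b"\x00" * 32})


if __name__ == "__main__":
    print("fixed code  (first, replay):", replay_fixed_code())
    print("challenge-response (first, replay):", replay_challenge_response())
    print("forged response rejected:", forged_response_rejected())
```

The point the simulation makes is that replay resistance comes from the lock binding each accepted response to a value it chose itself and never reuses; a countermeasure that only varies the frame on the credential side, with nothing on the lock tracking which values have already been accepted, does not give the lock a way to tell a recording from the original.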

I recommend creating a device or application that can run on an existing product that can record transmissions from active devices, such as Bluetooth FOBs, evaluate the content of the transmission, replay it on demand, and store it in a portable file format to transfer to other tools as needed. Along with this capability, perhaps the ability to store data in a way that it could be used later, such as in the event of a "Master Key FOB" from a car manufacturer or similar use case. Additionally, a brute force capability in which the device could transmit an operator-defined transmission that includes a sequence of numbers or other symbols, allowing the operator to quickly attempt every possible combination.

For passive systems, like RFID and NFC, the device could have the ability to read and record the content of the target devices and save it in a portable file format for transfer to other tools as needed. Using active antennas may allow for recording/capture from distances further than intended by the relevant system specifications.

This could be marketed to organizations with a need to bypass common access controls without being detected, or even identification such as tracking a target by their work badge or a vehicle by its EZPass card.

  • James Paisley
  • Apr 16 2018