NFC: Naked Fried Chicken (PHDays VI)
•
0 gostou•653 visualizações
The document discusses Near Field Communication (NFC) technology and security issues related to NFC-based ticketing systems. It provides an overview of common NFC card standards like MIFARE Classic and Ultralight, describes vulnerabilities that have been found in their cryptographic protections. The document outlines a reference architecture for modern ticketing systems and examines security weaknesses in each component. It then introduces several tools that can be used to evaluate such systems, including the HydraNFC, Proxmark3, and NFCulT Android app created by Opposing Force. Attack techniques like lock, time and reply attacks are explained as ways to exploit NFC tickets and bypass validation mechanisms.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Semelhante a NFC: Naked Fried Chicken (PHDays VI)
Semelhante a NFC: Naked Fried Chicken (PHDays VI) (20)
Último
Último (20)
NFC: Naked Fried Chicken (PHDays VI)
- 1. N F C Naked Fried Chicken Matteo Beccaro || May 18th, 2016
- 2. Me || § Matteo Beccaro § Founder & Chief Technology Officer at Opposing Force § The first Italian company specialize in offensive physical security § Twitter: @_bughardy_ | @_opposingforce
- 3. Agenda || § NFC: what are we talking about? § Modern ticketing systems security § Weapons for NFC-‐based solutions mass destruction § Penetration testing methodology § Case studies
- 4. Agenda || § NFC: what are we talking about? § Modern ticketing systems security § Weapons for NFC-‐based solutions mass destruction § Penetration testing methodology § Case studies
- 5. What is NFC? || § NFC stands for Near Field Communication § Frequency at 13.56 MHz § 3-‐5 cm of range § Widely used for § Access control systems § Electronic ticketing systems § Mobile phone applications
- 6. Notorious NFC families|| § MIFARE § MIFARE Classic § MIFARE Ultralight § MIFARE DesFire § HID iClass § Calypso § FeliCa
- 7. MIFARE Classic || § 1-‐4 KB memory storage device § Strong access control mechanisms § A key is required to access data sectors § Use of Crypto1 Crapto1 algorithm § Sadly broken.. § ..but still so widely used (!) – RFID door tokens, transport tickets, etc.
- 8. MIFARE Ultralight || § 64 byte memory storage device § Basic security mechanisms § OTP (One-‐Time-‐Programmable) sector § Lock bytes sector § Mostly used for disposable tickets § It has some more secure children: • ULTRALIGHT C • ULTRALIGHT EV
- 9. MIFARE DesFire || § 2 KB, 4KB or 8 KB memory size § Advanced security mechanisms (3DES, AES, etc.) § File system structure is supported § Several variants are available § DESFIRE § DESFIRE EV1 § DESFIRE EV2
- 10. HID iClass || § Same encryption and authentication keys are shared across every HID iClass Standard Security installations (!) § Keys have already been extracted (!!) § Two variants § iClass Standard (very common) § iClass High Secure (not that common) § Both variants are BROKEN
- 11. Agenda || § NFC: what are we talking about? § Modern ticketing systems security § Weapons for NFC-‐based solutions mass destruction § Penetration testing methodology § Case studies
- 12. Modern ticketing systems security || § We need to create a common methodology § We need tools to effectively assess these systems § We need secure architecturesas references and best practices
- 13. Modern ticketing systems architecture ||
- 14. Modern ticketing systems architecture || Local Remote
- 15. Modern ticketing systems architecture ||
- 16. The token || § Usually a NFC card § MIFARE Ultralight § MIFARE Classic § Calypso § The card can store § Multiple rides or subscriptions § Timestamp of the last stamping § Details on the location where we used the ticket § Other data
- 17. The token || § What about MIFACE Classic? § It is just BROKEN § What about MIFACE Ultralight? § Well, it’s bleeding.. § Lock attack § Time attack § Reply attack.. § Calypso § Currently we are under NDA, sorry J
- 18. Readers and controllers || § Can operate offline or online § Wire or wireless connected to the controller § Usually supports multiple standards § Simply checks if the ticket is valid § Is the ticket “genuine”? § Is the stored stamp ok? § Can store secrets and keys used for validation
- 19. The backend || § It can be cloud-‐based or not § Performs multiple operations § Provide ticket validation “logic” § Fraud prevention? § Statistics § OTA updates for readers § Frauds detection
- 20. Agenda || § NFC: what are we talking about? § Modern ticketing systems security § Weapons for NFC-‐based solutions mass destruction § Penetration testing methodology § Case studies
- 21. Tools of the trade || § HydraNFC § ProxMark3 § ChameleonMini § NFCulT
- 22. HydraNFC || § HydraNFC (~90 €) § http://hydrabus.com/hydranfc-‐1-‐0-‐specifications/ § Users Texas Instrument TRF7970A NFC chipset (13.56MHz only) § MIFARE 1k and 14443A UID emulation § ISO 14443A sniffing (also autonomous mode) § 2 different raw modes
- 23. ProxMark3 || § ProxMark3 (~200 €) § HF and LF capabilities § Very large community § http://proxmark.org/forum/index.php § Supports almost every known RFID tags § Support sniffing and emulation
- 24. ChameleonMini || § ChameleonMini (~100 €) § http://kasper-‐oswald.de/gb/chameleonmini/ § HF (13.56MHz) only § Almost same capabilities as HydraNFC § Different chipset § The firmware is only available for old revision
- 25. Opposing Force own weapon || § NFCulT (~0 €) § Mobile app for NFC-‐enabled Android smartphones § Implements Lock, Time and Reply attacks § A “custom edit mode” is available for bit by bit data editing § The app currently supports the MIFARE Ultralight format only § MIFARE Classic support will be released during summer 2016
- 26. The lock attack feature || § Sets the OTP page in Read-‐Only mode § The operation is irreversible § If the reader doesn’t check for writing permission on OTP sector.. § ..free rides!
- 27. The time attack feature || § The features allows the forging (stamping) (free) tickets § The tester is required to identify and decode the ticket’s timestamps
- 28. The reply attack feature || § Reply attacks can be implemented using UID magic tickets (~15€ per ticket) § The attack can bypass every (offline) anti-‐fraud prevention mechanisms § Anyway, guess what? Free rides!
- 29. The custom editing feature || § The features is useful to better understand the structure of data stored onto the ticket (e.g., exact location of timestamp) § Quick encoding from hex to bin and back § The app allows ticket’s bit per bit data editing
- 30. Agenda || § NFC: what are we talking about? § Modern ticketing systems security § Weapons for NFC-‐based solutions mass destruction § Penetration testing methodology § Case studies
- 31. What are we looking for? ||
- 32. The stamping machine || Attack Surface Attacks to Perform Impact NFC Interface Analyze the stamping mechanisms Free tickets Hardware board Analyze the exposed interface (JTAG, UART, etc.) Firmware or secrets dumping GSM/GPRS/Eth Interface Is MITM possible? Intercepting the exchanged data Intercepting secrets or sensitive data • We can identify it as the reader + controller
- 33. What are we looking for? ||
- 34. The vending machine || Attack Surface Attacks to Perform Impact NFC Interface Analyze the recharging mechanisms Free tickets, for everyone Hardware board Analyze the exposed interface (JTAG, UART, etc.) Firmware or secrets dumping GSM/GPRS/Eth Interface Is MITM possible? Intercepting the data Intercepting secrets or sensitive data (e.g., credit card details) Computer Application Analyzing exposed network services Complete control of the machine • We can identify it as one the possible clients
- 35. What are we looking for? ||
- 36. The backend|| Attack Surface Attacks to Perform Impact Web application(s) Classic web app-‐related attacks Data exfiltration, service interruption, etc. Network service(s) Classic network services-‐related attacks Data exfiltration, service interruption, etc. Physical location Try to get physical access to the servers Basically, heavily PWNED
- 37. What are we looking for? ||
- 38. Agenda || § NFC: what are we talking about? § Modern ticketing systems security § Weapons for NFC-‐based solutions mass destruction § Penetration testing methodology § Case studies
- 39. MIFARE Ultralight ticketing system ||
- 40. MIFARE Ultralight ticketing system ||
- 41. MIFARE Ultralight ticketing system || Lock bit for the OTP sector is not checked by the stamping machine Absence of a UID blacklist in the backend Timestamp are not encrypted nor signed
- 42. MIFARE Classic hotel door lock ||
- 43. MIFARE Classic hotel door lock ||
- 44. MIFARE Classic door lock || Card’s UID Room number: int(0x17ea, 16) = 6122
- 45. Q&A || Any question? Don’t be shy..
- 46. Thank you Contacts – engage@opposingforce.it || www.opposingoforce.it || @_opposingforce