Answering a 3-year-old question

4 score and some time since I last thought of this, I had a bus pass.

A Contactless RFID Bus Pass, the same kind of thing you would have as an ID Badge in an office environment.

Now this is a walk down memory lane because I haven’t thought of this for a while and since its initial ‘inception’ there have been scores of reports of badge cloning and tools created to help read and write badges.

Way back when, when I had an Android phone as my daily driver (I had an HTC One, the old one that was thick and brick-like), it had NFC on it. I knew what it was but had turned it off for fear of attack (lol for back then).

One day while on my commute to my, then, employer I was playing with the phone, pass in the case (yeh I had a flip case with a card holder so what!?) and I found the NFC got switched on, one thing or another and ‘bloop’ – Item Scanned –

‘Huh?’ I thought…

I figured it was the card pretty fast and scanned it again, ‘bloop’ – Unable to read -.

This was at a time when NFC was fairly new so not too much was known about its intricacies and I had a basic understanding of how it works.

‘This is interesting’ I thought.

So I immediately downloaded an app to read tags (I think it was called ‘Trigger’) from the Play Store, and this is when I hit my first roadblock: it couldn’t read the type of tag that was in the card. Again, early days, and things have changed a lot since then.

Now since then I haven’t thought much of it, the readers were super expensive and I have £0 disposable income.

The fun thing about time, besides it passing, is the effect it has on the technology market: you can now pick up an NFC reader and writer with sample cards of the 10 types commonly used for around £20 on eBay.

A Twitter user by the name @RealTinehNimjeh (now TinehAgent) rekindled this fire and desire to learn what makes it work,, (puts RFID Office badge in the Elder Wand,,, hilarious!)

So,, eventually,,, maybe,,, I can answer this question. What is the security on the pass like? What is the data? Can it be dumped? Can it be interpreted? Can it be modified? #freeinfinatebustravelforlife

I want to point out right now that anything I do find will be confidential and only seen by myself, and if it’s anything huge, like a massive gaping hole in security where all you have to do is change the date to next month, then I will be getting in contact with HackerOne to get in contact with the vendor ASAP!

Responsible disclosure is always a smart thing to do, and I don’t want my pennies to be taken up by lawyer fees and being sued because that’s really annoying.

This post is licensed under CC BY 4.0 by the author.