RedTeam exploited a well-known issue with RFID, or radio-frequency identification, which is a common method many organizations use to give employees access to facilities. Employees typically hold up their RFID-coded badges to an electronic reader outside a door, which then tells the door, "Hey, let this person in."

The problem is that much of the time, that data is sent in the clear without encryption, giving hackers an opportunity to snatch the data right off an employee's card so they can clone it for their own purposes.

In order to get close to an employee, RedTeam came up with a number of possible methods, such as hanging around the company's smoking area with other employees, or social engineering their way inside under false pretenses. Security consultant Kurt Muhl went with the latter, pretending to be a college student and arranging a tour of the company's facility by one of its employees.

During his tour, Muhl carried what looked like a black laptop bag, which housed the RFID reader that eventually grabbed the employee's badge out of thin air.

Once he had the badge data, all Muhl had to do was take out the memory card and plug it into a computer with a $300 device called a Proxmark, which takes that data and writes it to a new card.