Many access control systems still rely just on the UID of the card. It is a unique number, generated during manufacturing, read-only and impossible to change. There are however special, unofficial “Magic UID” cards (like my business card) that allow to set any UID - clone it from other cards. It takes just a few seconds with the new “one click” cloning feature that I have contributed to free Mifare Classic Tool Android application.
During upcoming Confidence conference in Krakow, we will celebrate 15 years of SecuRing. On this occasion the we will share with you several NFC “research toolkits” hardware sets - that among other things allow to clone card UID and crack Mifare Classic. Come meet us at our booth and solve the NFC challenges to win one!
Also be sure to attend my introductory talk on NFC security “A 2018 practical guide to hacking RFID/NFC” track 1 Jun 4th 11:50am.
Update: slides are available to download here.
Behold The Smart Lock! In case anyone would doubt its smartness, it is literally imprinted. Fitted with an enormously loud speaker - advertised as a feature to raise a solid anti-thief alarm. Using the same speaker for a normal unlock notification, thus enforcing you to cover your ears while opening, was not the smartest idea though. Security? Smart my shiny metal (…)!
Enough smart for the introduction. Give me the meat! TLDR exploit.