A pair of researchers in the United States have crafted a way to anonymously steal personal information from keycard scanners by using a smartphone.
They engineered a small device that can be placed over the wires of electronic door scanners. It then intercepts the signal which is transferred between the keycard and reader, transferring it over Bluetooth back to the hacker. The revelation has revealed some glaring security concerns in select keycard systems, which do not encrypt the data as it is passed through the system.
One of the researchers, Eric Evenchick, explains that the system was incredibly easy to build due to the ease of access to the readers personal information. “It has no security, it’s just total clear text electrical signaling that we can exploit,” he explains.
Essentially, the details are sent through the reader in plain text that can be easily intercepted and interpreted. You simply take a cheap bluetooth transmitter to beam it back to a smartphone which can then be used to save the information for later use. Anyone who scans their card could then be unwittingly giving their information to thieves. The crooks could then even use the information to craft their own fake security cards, gaining access to previously locked locations.
The hack will be demonstrated next week at the annual Black Hat conference in the USA, where teams of researchers demonstrate vulnerabilities in security and computer systems.
Via Information Week