The security behind: RFID door locks

In this episode of the “You Gotta Hack That” podcast, Felix looks at the security of RFID door locks, one family of the digital door locks found across the Internet of Things (IoT). He first sets out the wider category: digital door locks include PIN-pad, Bluetooth-enabled, app-controlled, Wi-Fi-connected and NFC-enabled locks, and this episode concentrates on the RFID (Radio-Frequency Identification) variety. RFID credentials operate either at high frequency (HF, 3-30 MHz; 13.56 MHz in practice) or low frequency (LF, 30-300 kHz; typically 125 kHz). HF is the more common choice, but LF has advantages in particular environments, for example in or near water, where the longer wavelength is less attenuated. A notable manufacturer in this field is HID, whose iClass product line is prominent.

The security of these systems is shaped by resource constraints: a passive RFID card has far less computational power than the lock it talks to. Felix explains that a card is little more than an antenna coil and a small chip, with no battery or other components, drawing its power from the reader's field. He distinguishes attacks that target the card from attacks that target the lock, and walks through the attacker goals in play: denial of access, ransomware, tracking of cardholders, and manipulation of stored data.

On the technical side, Felix covers the MIFARE Classic card, its storage capacities, and the later EV1, EV2 and EV3 generations of MIFARE cards. He explains how a card presents its identifier and stored data to the lock for verification, with the lock making the access decision either on its own or by consulting a central management server. He then turns to why these locks are worth attacking, from gaining entry by cloning a card to exploiting flaws in the authentication protocol itself. Against MIFARE Classic specifically he recounts the published attacks: offline brute force of the 48-bit Crypto-1 key from a captured authentication exchange, the predictable 16-bit pseudo-random number generator behind the card's nonces, and the keystream leakage caused by the parity bits being encrypted along with the data.
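As a worked example added to this summary (it is not code from the podcast, from HID or from NXP), here is a Python model of the 16-bit LFSR that generates MIFARE Classic tag nonces, as described in the published academic analyses of the card. It assumes one bit-order convention (the first bit the generator emits is bit 31 of the integer) and uses a constructed seed; it does not model the Crypto-1 cipher itself. It shows concretely why the RNG weakness matters: a 32-bit nonce carries only 16 bits of entropy, a genuine nonce can be recognised offline, and the nonce the tag will send after any number of generator ticks follows from a single observed one.

```python
# Added example (not from the podcast): a model of the MIFARE Classic tag's
# nonce generator, a 16-bit LFSR with feedback x[i+16] = x[i]^x[i+2]^x[i+3]^x[i+5]
# as documented in the published analyses of the card. The 32-bit "random"
# nonce is just 32 consecutive output bits, so it carries 16 bits of entropy
# and every later nonce follows from any one observed nonce.
#
# Assumed convention: a nonce is an int whose bit 31 is the first bit the
# LFSR emitted; the on-the-wire byte order of ISO 14443 is not modelled.

from typing import List

PERIOD = 65535  # 2**16 - 1 non-zero states: the feedback polynomial is primitive


def l16(window: List[int]) -> int:
    """LFSR feedback computed over the last 16 bits of the sequence."""
    return window[0] ^ window[2] ^ window[3] ^ window[5]


def int_to_bits(value: int, width: int) -> List[int]:
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def bits_to_int(bits: List[int]) -> int:
    out = 0
    for b in bits:
        out = (out << 1) | b
    return out


def lfsr_stream(seed: int, nbits: int) -> List[int]:
    """Output of the LFSR from a non-zero 16-bit seed; the seed itself forms
    the first 16 output bits."""
    if not 0 < seed < 0x10000:
        raise ValueError("seed must be a non-zero 16-bit value")
    bits = int_to_bits(seed, 16)
    while len(bits) < nbits:
        bits.append(l16(bits[-16:]))
    return bits[:nbits]


def nonce_at(seed: int, ticks: int) -> int:
    """32-bit nonce the tag would emit `ticks` LFSR steps after the seed state."""
    return bits_to_int(lfsr_stream(seed, ticks + 32)[ticks:ticks + 32])


def nonce_successor(nonce: int, n: int = 1) -> int:
    """Nonce emitted n LFSR steps after an observed one; no key is needed."""
    bits = int_to_bits(nonce, 32)
    for _ in range(n):
        bits.append(l16(bits[-16:]))
        del bits[0]
    return bits_to_int(bits)


def is_lfsr_nonce(nonce: int) -> bool:
    """True iff the low 16 bits are what the LFSR produces from the high 16
    bits. A genuine tag nonce always passes; a uniformly random 32-bit value
    passes with probability 2**-16, which is all the entropy the nonce has.
    (The all-zero value passes trivially, but a real tag never reaches it.)"""
    bits = int_to_bits(nonce, 32)
    return all(bits[i + 16] == l16(bits[i:i + 16]) for i in range(16))


def ticks_between(nonce_a: int, nonce_b: int) -> int:
    """LFSR steps from nonce_a to nonce_b, or -1 if nonce_b never follows it.
    There are at most PERIOD candidates, so the offline search is instant:
    the 'random' nonce is effectively a clock reading."""
    bits = int_to_bits(nonce_a, 32)
    for n in range(PERIOD):
        if bits_to_int(bits) == nonce_b:
            return n
        bits.append(l16(bits[-16:]))
        del bits[0]
    return -1


def lfsr_period(seed: int = 1) -> int:
    """Count shifts until the 16-bit state recurs (65535 for any non-zero seed)."""
    start = int_to_bits(seed, 16)
    state = start[:]
    n = 0
    while True:
        state = state[1:] + [l16(state)]
        n += 1
        if state == start:
            return n


if __name__ == "__main__":
    seed = 0x1234                       # constructed sample seed, not a real capture
    n0 = nonce_at(seed, 0)
    n1 = nonce_at(seed, 37)
    print(f"nonce now:          {n0:08x}  genuine={is_lfsr_nonce(n0)}")
    print(f"nonce 37 ticks on:  {n1:08x}  predicted={nonce_successor(n0, 37):08x}")
    print(f"ticks between them: {ticks_between(n0, n1)}")
    print(f"state period:       {lfsr_period()}")
```

The practical consequence is the one the podcast alludes to: because the state space is 65535 entries and the tag restarts its generator on power-up, an attacker who controls the timing of the authentication request can make the tag repeat a nonce, and anyone who has seen one nonce can check whether a later value is genuine or compute the tag's future challenges without knowing the sector key.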

Felix also covers lock-facing attacks: overloading the RF antenna, corrupting the firmware, and exploiting software vulnerabilities in the lock or its management system. He discusses the 2017 ransomware incident at a hotel whose electronic key-card system was hit, clarifying that the attack disrupted the issuing of new keys but did not trap guests in their rooms. The episode closes on the benefits of centralized key management: a lost or stolen credential can be revoked remotely, and risk can be transferred to the issuer rather than resting with the holder of a physical key, a model that applies equally to items such as cars.
