Building Security…Not!

Video is now available of the HID access card spoofing device.

As promised, InfoWorld has posted a demonstration of the RFID card clone device from IOActive that allows anyone to passively read, store and clone HID-brand access cards. As TechWatch blogged on Monday, IOActive had this device on display at the RSA Conference in San Francisco last week. The video, available here, shows Chris Paget, IOActive’s director of R&D showing how the device can be used to grab access codes from a HID card, then store them on the device and play them back, tricking a HID card reader into thinking that a valid card has been presented. As I noted in my blog, Paget’s device was able to clone the HID card in the video, but also my HID building access card for IDG’s offices on 2nd street. So, while its not clear that every HID card is vulnerable to this kind of attack, we might presume that quite a few are. Advice: beware of strangers sprouting antenna!

Security

Topics

About

Policies

Our Network

More

Building Security…Not!

Video is now available of the HID access card spoofing device.

More from this author

The state of open source security

The state of open source security

McAfee sideshow eclipses Defcon’s real security breakthroughs

5 big security mistakes coders make

9 rules to follow after you’ve suffered a data breach

Beware the next circle of hell: Unpatchable systems

How to build stronger password hashes? Hold a contest

Hackers gonna hack — but you’re more secure than you think

Show me more

Kotlin 2.3.20 harmonizes with C, JavaScript/Typescript

Final training of AI models is a fraction of their total cost

OpenAI adds plugin system to Codex to help enterprises govern AI coding agents

How to run your own little local Claude Code (sort of!)

How to build desktop apps in Typescript with Electrobun

Write and run assembly in Python with Copapy