Hacking Truckers

Hacking Truckers
Hacking Truckers 

By Kelly Jackson Higgins

Now even truckers will need to worry about RFID security: Researchers 
say they have discovered that they can scan and hack electronic product 
code (EPC) labels on products being transported on 18-wheeler 

Researchers at PacketFocus Security Solutions, with the help of 
researchers at Atlas RFID Solutions, so far have been able to easily 
read EPC codes using standard EPC Generation 2 readers and antennas, 
says Joshua Perrymon, hacking director for PacketFocus Security 
Solutions. The firm recently rented an 18-wheeler from a local freight 
company and loaded it with EPC-tagged boxes to test out just what data 
can be intercepted from the big rigs. "We wanted to determine what 
information we could glean from outside the truck," Perrymon says.

It's a supply chain nightmare. Perrymon says he and his colleagues 
didn't have to do much more than run the off-the-shelf tools. "We are 
showing you can do this with off-the-shelf products, and you don't have 
to be a super-hacker" to get EPC data off a tractor-trailer, he says.

EPC, the heir apparent to the bar code, provides unique tags for each 
item, rather than just the vendor and class of product as bar codes do. 
That makes inventory and shipment-tracking more efficient, of course, 
but also opens the door for attackers to lift detailed information about 
what a particular truck is hauling and where, as well as to actually 
hack the EPC codes via an EPC writer, Perrymon says.

"Each product has its own EPC number," he says. "If a company is using 
EPC numbers, we can sit outside the tractor-trailer and scan them, 
reference them with known EPC numbers, and know the inventory of what's 
on that trailer."

That means your competitor could use this information for intelligence 
purposes. "He could get an idea of what you are shipping and how much, 
and how often," Perrymon says, adding that an attacker could also write 
to those tags, either disabling or changing them if you don't apply the 
proper authorization and passwords to your EPC system. That's 
PacketFocus's next step in its research.

And sniffing the truck's payload could also provide criminals with 
intelligence they wouldn't otherwise be able to get very easily, thus 
helping them target their holdups or other heists, he says. "Unless they 
had a lot of inside information, they don't have enough information to 
rob that truck. Now they can scan it if it's not secure -- they don't 
want to rob that toilet paper truck, but if it's got plasma TVs with 
surround sound, [that's their] target."

Truckers are especially vulnerable because they travel to public truck 
stops to sleep and rest, says Perrymon. "That's vulnerable for RFID 
stuff sitting in the truck, passive."

So far, Perrymon and his team have only tested a parked 18-wheeler, but 
they plan to also try hacking while the truck is in transit on the 
highway. "I want to see if we can do this going down the road, but I'm 
pretty sure we can." He says they'll pull up alongside the truck and 
scan it as they drive along the highway.

The range for reading the EPC tags mostly depends on power and antennas, 
he says, because some types of tags "talk further" than others, he says.

EPC RFID security is a lot like the typical home WLAN: Companies are 
more worried about getting the operational side of it installed and 
often leave their system in default mode, with easily guessed passwords. 
Perrymon says he first deploys the reader to see what data comes back 
and then uses a custom script to eke out the weak password.

Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. 

Site design & layout copyright © 1986-2014 CodeGods