By Kelly Jackson Higgins
Now even truckers will need to worry about RFID security: Researchers
say they have discovered that they can scan and hack electronic product
code (EPC) labels on products being transported on 18-wheeler
Researchers at PacketFocus Security Solutions, with the help of
researchers at Atlas RFID Solutions, so far have been able to easily
read EPC codes using standard EPC Generation 2 readers and antennas,
says Joshua Perrymon, hacking director for PacketFocus Security
Solutions. The firm recently rented an 18-wheeler from a local freight
company and loaded it with EPC-tagged boxes to test out just what data
can be intercepted from the big rigs. "We wanted to determine what
information we could glean from outside the truck," Perrymon says.
It's a supply chain nightmare. Perrymon says he and his colleagues
didn't have to do much more than run the off-the-shelf tools. "We are
showing you can do this with off-the-shelf products, and you don't have
to be a super-hacker" to get EPC data off a tractor-trailer, he says.
EPC, the heir apparent to the bar code, provides unique tags for each
item, rather than just the vendor and class of product as bar codes do.
That makes inventory and shipment-tracking more efficient, of course,
but also opens the door for attackers to lift detailed information about
what a particular truck is hauling and where, as well as to actually
hack the EPC codes via an EPC writer, Perrymon says.
"Each product has its own EPC number," he says. "If a company is using
EPC numbers, we can sit outside the tractor-trailer and scan them,
reference them with known EPC numbers, and know the inventory of what's
on that trailer."
That means your competitor could use this information for intelligence
purposes. "He could get an idea of what you are shipping and how much,
and how often," Perrymon says, adding that an attacker could also write
to those tags, either disabling or changing them if you don't apply the
proper authorization and passwords to your EPC system. That's
PacketFocus's next step in its research.
And sniffing the truck's payload could also provide criminals with
intelligence they wouldn't otherwise be able to get very easily, thus
helping them target their holdups or other heists, he says. "Unless they
had a lot of inside information, they don't have enough information to
rob that truck. Now they can scan it if it's not secure -- they don't
want to rob that toilet paper truck, but if it's got plasma TVs with
surround sound, [that's their] target."
Truckers are especially vulnerable because they travel to public truck
stops to sleep and rest, says Perrymon. "That's vulnerable for RFID
stuff sitting in the truck, passive."
So far, Perrymon and his team have only tested a parked 18-wheeler, but
they plan to also try hacking while the truck is in transit on the
highway. "I want to see if we can do this going down the road, but I'm
pretty sure we can." He says they'll pull up alongside the truck and
scan it as they drive along the highway.
The range for reading the EPC tags mostly depends on power and antennas,
he says, because some types of tags "talk further" than others.
EPC RFID security is a lot like the typical home WLAN: Companies are
more worried about getting the operational side of it installed and
often leave their system in default mode, with easily guessed passwords.
Perrymon says he first deploys the reader to see what data comes back
and then uses a custom script to eke out the weak password.