BLEkey – How to Clone RFID cards with a $10 device

Pierluigi Paganini July 30, 2015

Accuvant researchers will be releasing an open source piece of hardware dubbed BLEkey that can be used to circumvent RFID card readers.

Do you need to present a card to a device to enter your company’s office? Most probably you are using a card based on Radio-Frequency Identification (RFID) technology to gain access. Is this an effective security measure? What are the possible flaws?

The problem with RFID-based cards is that they are easy to hack, and it has now become even easier thanks to a device that costs $10, developed by two security researchers.

The device is called BLEkey; it is a tiny device that needs to be embedded in a card reader.

BLEkey exploits the vulnerability affecting the Wiegand communication protocol implemented in many RFID card readers; in this way it is able to clone RFID cards.


Mark Baseggio and Eric Evenchick are the researchers who developed the BLEkey device. They will present their findings at Black Hat (next week in Las Vegas), where they will distribute the first 200 devices for $10 each.

The purpose of BLEkey is to prove that HID proximity card technologies based on the Wiegand protocol are outdated and should be replaced.

According to the details given by Mark Baseggio and Eric Evenchick, BLEkey can be installed in less than 2 minutes and has the capacity to store 1500 RFID cards; the stored cards can then be downloaded to a mobile phone via Bluetooth.

I see a lot of potential here, especially for crooks, since it allows them to penetrate sensitive areas where access control is protected by systems using RFID technology. Datacenters, finance departments, CEO offices, storage, etc. are potentially exposed to criminals using the BLEkey device.

One interesting feature of BLEkey is the capability of disabling the card reader for 2 minutes after the crook has opened the door with the cloned card.

We will surely have more information after the talk at Black Hat. I’m particularly interested in the device, and I will certainly acquire it to perform some tests.

It has been estimated that nearly 80% of office buildings are vulnerable to BLEkey. To avoid problems in the short term, Baseggio suggested that companies enable tamper switches to detect if anyone is messing with the card readers, and install a camera in proximity of the access control systems as a deterrent.
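The two signals mentioned in this article, a tamper switch tripping and a reader going dead for about 2 minutes right after a door opens, can be checked for in access-control event logs. The following is an added example, not code from BLEkey or its authors; the log format, event names, reader names and thresholds are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events; the "timestamp reader event" format is hypothetical.
SAMPLE_LOG = """\
2015-07-30T08:59:40 lobby-1 ACCESS_GRANTED card=1001
2015-07-30T09:02:10 dc-door-2 TAMPER_OPEN
2015-07-30T09:02:55 dc-door-2 TAMPER_CLOSED
2015-07-30T23:14:05 dc-door-2 ACCESS_GRANTED card=1001
2015-07-30T23:14:09 dc-door-2 READER_OFFLINE
2015-07-30T23:16:08 dc-door-2 READER_ONLINE
2015-07-31T03:00:00 lobby-1 READER_OFFLINE
2015-07-31T03:20:00 lobby-1 READER_ONLINE
"""

GRANT_TO_OUTAGE = timedelta(seconds=30)  # assumed: outage begins right after a grant
OUTAGE_RANGE = (timedelta(seconds=90), timedelta(seconds=150))  # roughly 2 minutes


def parse(log_text):
    """Yield (timestamp, reader, event) tuples from the constructed format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2]


def find_alerts(log_text):
    """Return a list of (reader, reason, timestamp) alerts, in log order."""
    alerts = []
    last_grant = {}     # reader -> time of the most recent ACCESS_GRANTED
    offline_since = {}  # reader -> time the reader was reported offline
    for ts, reader, event in parse(log_text):
        if event == "TAMPER_OPEN":
            alerts.append((reader, "tamper switch opened", ts))
        elif event == "ACCESS_GRANTED":
            last_grant[reader] = ts
        elif event == "READER_OFFLINE":
            offline_since[reader] = ts
        elif event == "READER_ONLINE" and reader in offline_since:
            start = offline_since.pop(reader)
            grant = last_grant.get(reader)
            after_grant = grant is not None and timedelta(0) <= start - grant <= GRANT_TO_OUTAGE
            if after_grant and OUTAGE_RANGE[0] <= ts - start <= OUTAGE_RANGE[1]:
                alerts.append((reader, "~2 min reader outage right after a grant", start))
    return alerts
```

On the constructed sample, the 20-minute overnight outage on `lobby-1` is not flagged because it neither follows a grant nor matches the 2-minute window.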

The hardware design of BLEkey and the source code will be released online after their talk at the Black Hat conference, and I sure hope we can have more news about it.

Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also has knowledge in the areas of malware research, forensics, and ethical hacking. He has previous experience in major institutions, the European Parliament being one of them. He is a security enthusiast and tries his best to pass on his knowledge. He also owns his own blog, http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – BLEkey,  RFID)


