Do you need to present a card to a reader to enter your company’s office? Most probably you are using a card based on Radio-Frequency Identification (RFID) technology to gain access. Is this an effective security measure? What are the possible flaws?
The problem with cards based on RFID is that they are easy to hack, and it has now become even easier thanks to a device that costs $10, developed by two security researchers.
The device is called BLEkey; it is a tiny device that needs to be embedded in a card reader.
BLEkey exploits a vulnerability affecting the Wiegand communication protocol implemented in many RFID card readers; in this way it is able to clone RFID cards.
Mark Baseggio and Eric Evenchick are the researchers who developed the BLEkey device; they will present their findings at Black Hat (next week in Las Vegas), where they will distribute the first 200 devices for $10 each.
The purpose of BLEkey is to prove that HID proximity card technologies based on the Wiegand protocol are outdated and should be replaced.
According to the details given by Mark Baseggio and Eric Evenchick, you should be able to install BLEkey in less than 2 minutes, and BLEkey will have the capacity to store 1500 RFID cards; these stored cards can then be downloaded to your mobile phone via Bluetooth.
I see a lot of potential here, especially for crooks, since it allows crooks to “penetrate” sensitive areas where access control is protected by systems using RFID technology. Datacenters, finance departments, CEO offices, storage, etc. are potentially exposed to criminals using the BLEkey device.
One interesting feature of BLEkey is the capability of disabling the card reader for 2 minutes after the crook has opened the door with the cloned card.
We will surely have more information after the talk at Black Hat. I’m particularly interested in the device; I will certainly acquire it to perform some tests.
It has been estimated that nearly 80% of office buildings are vulnerable to BLEkey. To avoid problems in the short term, Baseggio suggested that companies should enable tamper switches to detect if anyone is messing with the card readers, and install a camera in proximity of the access control systems as a deterrent.
The hardware design of BLEkey and the source code will be released online after their talk at the Black Hat conference, and I sure hope we can have more news about it.
Edited by Pierluigi Paganini
(Security Affairs – BLEkey, RFID)