A Hacker's Toolkit for RFID Emulation and Jamming

However, many RFID systems rely upon the integrity of RFID tag data for their correct functioning. It has never been so easy to interfere with RFID systems; we have built a handheld device that performs RFID tag emulation and selective RFID tag jamming (sortof like a personal RFID firewall). Our device is compatible with the ISO 15693/14443A (13.56 MHz) standards, and fits into a shirt pocket. This presentation will explain the "nuts and bolts" of how tag spoofing and selective RFID jamming work, and will conclude by demonstrating this functionality.

Detailed Outline:

Part I - Introduction to RFID Technology (25 minutes)

- What is Radio Frequency Identification? (How it works, types of RFID, read ranges, etc..) - Typical RFID applications (Supply chain management, automated payment, access control, animal tagging, etc..) - RFID security/privacy threats (Unauthorized tag reading, tag spoofing / cloning, denial of Service)

Part II - RFID Emulation and Jamming (25 minutes)

- Overall architecture - Describe the HW architecture - XScale processor, Melexis RFID reader-on-a-chip, custom "tag" receiver/transmitter - Describe the SW architecture - E-Cos RTOS, ISO 14443/15693 stacks, high-level tasks, application-level code

- RFID Tag Emulation - Decoding incoming RFID queries - RFID tag "spoofing" - Describe how we produce the correct sideband frequencies

- Selective RFID jamming - Describe the Slotted-Aloha anticollision algorithm - Describe our selective (timeslot-specific) jamming method

- Live demonstration of RFID Guardian - RFID tag spoofing demo - Selective RFID jamming demo