Sign in / up

back to article Hitchhacker's Guide to RSA clones conference badge with a towel

Security analyst Jerry Gamblin has turned a hotel towel into a pass for RSA's San Francisco conference. Gamblin says hotel towels often include RFID chips for inventory control and that hitchhackers can use a Proxmark to easily copy and paste the unique identification number stored in their RSA entry pass' NFC chip and embed …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. cbars

    Ew

    Checking into his hotel and leaving (semi) permanent marks on the towels. Dirty bastard.

    10/10 for originality in that department, though

    4 0 Reply
  2. Steve Aubrey
    Joke

    If cloning the chip to break into a security conference is that easy, we may as well throw in the - wait.

    22 0 Reply
  3. Ole Juul

    another chapter

    in the Hijacker's Guide to the Universe.

    4 0 Reply
  4. allthecoolshortnamesweretaken

    I guess I'd ask for a refund on that 2k$ ticket.

    0 0 Reply
  5. phil dude
    Linux

    meego...

    My old Nokia N9 could do this - write some of these tags.

    Never found a use for it...

    P.

    0 0 Reply
  6. Crazy Operations Guy

    Really should be other methods of anti-counterfeiting

    Maybe they should use some kind of two-factor authentication or something? Maybe cut a certificate for each attendee and equip the badges with an NFC-enabled smart card rather than just a standard tag. Or maybe integrate the processor for their two-factor tokens and only make it readable via NFC. Or I"d assume that they would have some kind of anti-copying badge product meant for producing secure ID cards for employers.

    RSA is a massive security conglomeration, why aren't they acting like it?

    0 0 Reply
    1. Brian Miller
      Reply Icon
      Joke

      Re: Really should be other methods of anti-counterfeiting

      RSA is a massive security conglomeration, and the are acting like it!

      Hack towel, gain entry.

      The ideal would be, of course, to enter the conference wearing nothing but the towel!

      0 0 Reply
  7. TeeCee Gold badge
    Alert

    As usual.....

    "Near field communication wasn't written in general to be used in this manner......"

    And there's yer problem. Somebody's used the world's favourite solution in search of a problem to solve a problem they didn't have in the first place. Again.

    Odd really. Since it was actually written by the telcos and banks with payment systems in mind and is widely used for that purpose, you'd think it might have some sort of basic security........

    0 0 Reply
  8. TRT Silver badge

    I have to admit...

    It's easier than throwing it over the security robot, using it to wrestle it to the ground, then flipping open the programming hatch and rewiring the brains so that the robot is happy to do anything you ask of it.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like