Jul 22, 2008

Wi-Fi, Bluetooth and RFID atacks
Fond using a laptop?, cell phone headset?, building access badge?, credit cards?, or even a passport? You should it now before it's late.As the technology of wireless or unguided connection emerge, threats from cyber criminals who steals and uses personal data from people is very alarming. If a person who uses this technologies stated above doesn't know how to protect himself, he/she may be a victim of hacking crime.

Most people today are fond of using public wi-fi hotspots and never encrypts or hide the data they were sending, this can be the hole of hakers to get into your personal life. Some of these attacks were, spoofing of their data, they also can receive fake websites where hackers do to steal you password or your account, another is planting a virus on your PC which can possibly damage your system. "Even airplane passengers who either ignore stewardess requests to disable Wi-Fi or don't know how to turn it off are not immune to attacks from others in the airplane",said renderman, a hacker who lectures about how hackers do their stuff.

Bluetooth headset users are at risk because of a security hole in the technology and default PINs that don't get changed, he said. Exploiting vulnerabilities someone can break in and steal data from the phones, make calls without the cell phone owner knowing, listen in on and break into conversations, and even spy on people by turning the device into a bug.

Renderman advises that people change the default password, disable the Bluetooth on the phones, turn off the headsets when not in use, and limit access to the data and features when communicating with other Bluetooth devices.

Many people don't realize that new U.S. passports have RFID technology with weak encryption that makes the data on the chip easy to read with the proper reader device.

The U.S. government attempted to mitigate the privacy threat by putting a metal foil layer on the front and back cover of the passports, but the stiffness of the foil pops the passport open as much as an inch, wide enough for RFID readers to snatch the data, RenderMan said, showing a video to demonstrate this.

"There is no rule that says that if the chip doesn't work, they will refuse you access to the border. You will get increased scrutiny, but it's still a valid document," he said. "So, liberal application of a hammer can negate a lot of the possible" problems.

But doing willful damage to the passport is a crime, one attendee pointed out. "I fell, really hard," RenderMan deadpanned.

RFID used in transit and building access badges has also been proven to be insecure, allowing someone to use an RFID reader to copy data off the card and make a clone of it, he said.

A security flaw in the Mifare Classic Chip used in transit systems is the subject of a court case in The Netherlands. The maker of the chip, NXP Semiconductors, sued to block a university from publishing details of the problems, but a court ruled on Friday that the research can be made public.

Even traditional keys are vulnerable, RenderMan said. For instance, photographs of spare keys for electronic-voting machines displayed on a Web page were used to make replicas with similar-looking keys, he said. A video demo showed how someone filed down a key from a hotel mini-bar and was able to open up the memory card slot of a Diebold voting system.

Credit: CNET news