Posts Tagged ‘wireless security’

How to build your own RFID reader

Thursday, April 22nd, 2010

DIY RFID

Do you have any idea how easy it is to build your own RFID reader? Well, we stumbled upon some sites that’ll give you a clearer picture of how to make this happen. As pointed out by hackaday,

[Klulukasz] left a comment pointing to this DIY RFID reader that was a final project in 2006 for a class at Cornell University. It is well documented and includes not only a schematic and code, but an explanation of the design considerations used during the build. The project uses an ATmega32 and the parts list priced out at about $50 at the time. There were plenty of responses to the RFID spoofer post pointing out that there are readers available for $40, but we want the fun of building our own.

A bit more vague with the details but no less interesting is this other simple RFID reader design.

Courtesy: hackaday

GSM Car Starter

Saturday, January 16th, 2010





It’s just starting to warm up around here but it was very cold for a long time. We’re not fond of going anywhere when it’s way below freezing but those professional hermit opportunities never panned out so we’re stuck freezing our butts off. Fed up with his frigid auto, [Aaron] installed a remote starter to warm the car up before he got to it. This didn’t help at work because the distance from his office to the sizable parking lot is too far for the key fob’s signal to carry. He decided to make his starter work with GSM so he could start the car with a phone call.

The first attempt involved a pre-paid cell phone for $30. The problem is that anyone who called the phone would end up starting the car. After a bit of looking he found a GSM switch that just needs an activated SIM to work. When called, it reads the incoming phone number for authentication but never picks up the phone so there’s no minutes used. He cracked open an extra key-fob and wired up the lock and start buttons to the relays in the GSM switch. Bam! A phone call starts (and locks) his car.

Maybe this isn’t as hardcore as body implants but it’s a fairly clean solution. He uses the car’s 12v system to power the switch and pays $10 every three months to keep the SIM card active. There’s an underwhelming demonstration video after the break showing a cellphone call and a car starting.

Courtesy of Hack A Day

Garage door… packet sniffer

Monday, October 5th, 2009


Feds at DefCon Alarmed After RFIDs Scanned

Wednesday, August 5th, 2009



LAS VEGAS — It’s one of the most hostile hacker environments in the country — the DefCon hacker conference held every summer in Las Vegas.

But despite the fact that attendees know they should take precautions to protect their data, federal agents at the conference got a scare on Friday when they were told they might have been caught in the sights of an RFID reader.

The reader, connected to a web camera, sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks as they passed a table where the equipment was stationed in full view.

It was part of a security-awareness project set up by a group of security researchers and consultants to highlight privacy issues around RFID. When the reader caught an RFID chip in its sights — embedded in a company or government agency access card, for example — it grabbed data from the card, and the camera snapped the card holder’s picture.

But the device, which had a read range of 2 to 3 feet, caught only five people carrying RFID cards before Feds attending the conference got wind of the project and were concerned they might have been scanned.

source: wired.com

Cobra Connex Stolen Vehicle Recovery system for the Honda Accord

Sunday, July 26th, 2009

Here’s more info on the Connex Stolen Vehicle Recovery system that is currently an option with the Accord.

The system is actually by the Cobra vehicle security company, and is pretty renowned. For example, the Italian company’s Connex systems are being used by a lot of companies such as Audi France where they use Connex as the standard alarm and recovery solution for the Q7, A8, S, RS and V8-engined cars.

When you buy the package from Honda at RM3,660 inclusive of installation, first year annual service fee (RM360) and a compensation guarantee (optional and worth RM140), it will be installed at the Honda dealer. This package is currently for Peninsular Malaysia cars only, and comes with a 3 year warranty.

Now what is the compensation guarantee? Basically if your car is recovered within 72 hours of theft management notification, you get cash of up to RM5,000 and bills of up to RM5,000. This covers bills for repair and replacement of damaged parts.

If the stolen vehicle is not recovered within 72 hours, you get a cash compensation of RM15,000 and a RM15,000 subsidy at Honda dealers for a new car if the car is not recovered at all. If recovered after 72 hours, you get a RM5,000 compensation for repair and replacement of parts related to the theft.

The system operates based on GPS to track the vehicle location and a GSM-based communication device that runs on the cellular networks to communicate with the Cobra Connex operation center. The annual fee of RM360 (first year free) covers the GSM device charges; you will not have to pay any extra cash to maintain the Connex system’s GSM SIM card.

Source: Paultan.org

Sniffing ZigBee Packets

Saturday, September 6th, 2008




When engineers tackle a project that uses ZigBee communications they may get a surprise. Unlike point-to-point communications, ZigBee involves a network that can establish nodes, repeaters and complex mesh topologies. The proper test tools–often called “sniffers”–help engineers diagnose ZigBee-network problems that could otherwise turn into nightmares.

Microchip Technology includes the ZENA Wireless Network Analyzer with its PICDEM Z demonstration kit so engineers can see what goes on among ZigBee devices. The ZENA tool also can sniff and decode Microchip’s MiWi protocol that, like ZigBee, uses IEEE 802.15.4 radios. According to Steve Bible, an applications engineering manager at Microchip, ZENA time stamps packets and displays them in a graphical format.

“The screen shows the destination and source addresses, the payload and the data,” explained Bible. “We add some color coding and provide data as hexadecimal values. Users also see a received signal strength indication, or RSSI–an uncalibrated relative value.”

“ZigBee and IEEE 802.15.4 technologies require a shift in how we analyze and manage ad-hoc wireless networks,” said Matt Perkins, VP of technology development at Awarepoint, a supplier of wireless asset-tracking systems. “An analyzer should take time-sliced snapshots of network traffic, ‘mine’ the traffic for metrics such as throughput, bottlenecks and end-to-end delays, and present information in a concise graphical form.”

Source: Freaklabs
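
As an added illustration (not part of the original article and not ZENA's code), here is a minimal decoder for the fields such a sniffer displays: the addresses, payload in hexadecimal and RSSI of one IEEE 802.15.4 frame. The function name, the sample frame and the RSSI value are constructed for this example, and the frame check sequence is assumed to be already stripped by the capture hardware.

```python
import struct

FRAME_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "mac-command"}

def parse_802154(frame: bytes, rssi: int) -> dict:
    """Decode the MAC header of one captured frame (FCS already stripped)."""
    if len(frame) < 3:
        raise ValueError("too short for frame control + sequence number")
    fcf, seq = struct.unpack_from("<HB", frame, 0)
    dst_mode, src_mode = (fcf >> 10) & 0x3, (fcf >> 14) & 0x3
    pan_compressed = bool(fcf & 0x0040)
    off = 3

    def take(n: int) -> str:
        nonlocal off
        if off + n > len(frame):
            raise ValueError("truncated addressing fields")
        field = frame[off:off + n]
        off += n
        return field[::-1].hex()  # little-endian on air, shown MSB first

    def address(mode: int):
        if mode == 0:
            return None  # address field absent
        if mode == 1:
            raise ValueError("reserved addressing mode")
        return take(2 if mode == 2 else 8)  # short or extended address

    dst_pan = take(2) if dst_mode else None
    dst = address(dst_mode)
    # With PAN ID compression the source PAN is omitted and equals the destination PAN.
    src_pan = None
    if src_mode:
        src_pan = dst_pan if (pan_compressed and dst_mode) else take(2)
    src = address(src_mode)
    return {
        "type": FRAME_TYPES.get(fcf & 0x7, "reserved"),
        "seq": seq,
        "secured": bool(fcf & 0x0008),  # if set, payload starts with a security header
        "dst": (dst_pan, dst), "src": (src_pan, src),
        "payload": frame[off:].hex(),
        "rssi": rssi,  # uncalibrated, relative value only
    }

# Constructed sample capture: data frame on PAN 0x1a62, node 0x796f -> node 0x0000.
SAMPLE = bytes.fromhex("61882a621a00006f79010203")

if __name__ == "__main__":
    print(parse_802154(SAMPLE, rssi=-60))
```

When the `secured` flag is false, everything after the addressing fields is readable by any receiver in range, which is worth checking on a network you operate.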

24C3 Mifare crypto1 RFID completely broken

Sunday, August 17th, 2008

It’s an old issue, but it is still relevant to our daily lives.

Another highlight for us at CCC was [Karsten Nohl] and [Henryk Plötz] presenting how they reversed Philips crypto-1 “classic” Mifare RFID chips which are used in car keys, among other things. They analyzed both the silicon and the actual handshaking over RF. Looking at the silicon they found about 10K gates. Analyzing with Matlab turned up 70 unique functions. Then they started looking for “crypto-like” parts: long strings of flip-flops used for registers, XORs, things near the edge that were heavily interconnected. Only 10% of the gates ended up being crypto. They now know the crypto algorithm based on this analysis and will be releasing later in the year.

The random number generator ended up being only 16-bit. It generates this number based on how long since the card has been powered up. They controlled the reader (an OpenPCD) which lets them generate the same “random” seed number over and over again. This was actually happening on accident before they discovered the flaw.

One more broken security-through-obscurity system to add to the list. For more fun, watch the video of the presentation.

Source: Hackaday
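
As an added illustration (not from the original post or the presentation), the simulation below shows why a 16-bit generator driven only by time since power-up cannot supply fresh nonces. The `ToyCard` model, its power-on state and the LFSR taps (a textbook maximal-length 16-bit polynomial) are assumptions made for this example, not the chip's actual circuit.

```python
def lfsr16_step(state: int) -> int:
    """One clock of a 16-bit Fibonacci LFSR (taps 16, 14, 13, 11; illustrative choice)."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << 15)


class ToyCard:
    """Hypothetical card: the generator restarts from the same state at every power-up."""

    POWER_ON_STATE = 0xACE1  # constructed value

    def __init__(self):
        self.state = self.POWER_ON_STATE

    def nonce_after(self, ticks: int) -> int:
        # The only input to the "random" value is elapsed clock ticks since power-up.
        for _ in range(ticks):
            self.state = lfsr16_step(self.state)
        return self.state


def nonces_for_delay(ticks: int, sessions: int) -> list:
    """Power-cycle a fresh card per session and ask for a nonce after the same delay."""
    return [ToyCard().nonce_after(ticks) for _ in range(sessions)]


def generator_period(seed: int = ToyCard.POWER_ON_STATE) -> int:
    """Count how many distinct nonces exist before the sequence wraps around."""
    state, count = lfsr16_step(seed), 1
    while state != seed:
        state = lfsr16_step(state)
        count += 1
    return count


if __name__ == "__main__":
    same = nonces_for_delay(ticks=1000, sessions=5)
    print("nonces with identical timing:", [hex(n) for n in same])
    print("distinct nonces possible:", generator_period())
```

A reader that fixes the timing sees one nonce in every session, and even with varied timing there are only 65,535 possible values, so a nonce that is supposed to prevent replay does not do its job.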