Paper 2023/450
Unlocking doors from half a continent away: A relay attack against HID Seos
Abstract
HID Global is a major vendor of physical access control systems. In 2012, it introduced Seos, its newest and most secure contactless RFID credential technology, successfully remediating known flaws in predecessors iCLASS and Prox. Seos has been widely deployed to secure sensitive assets and facilities. To date, no published research has demonstrated a security flaw in Seos. We present a relay attack developed with inexpensive COTS hardware, including the Proxmark 3 RDV4. Our attack is capable of operating over extremely long ranges as it uses the Internet as a communications backbone. We have tested multiple real-world attack scenarios and are able to unlock a door in our lab with a card approximately 1960 km away. Our attack is covert and does not require long-term access to the card. Further, our attack is generic and is potentially applicable to other protocols that, like Seos, use ISO/IEC 14443A to communicate. We discuss several mitigations capable of thwarting our attack that could be introduced in future credential systems or as an update to Seos-compatible readers' firmware; these rely on rejecting cards that take too long to reply.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- relay attackrfidphysical access controliso 14443
- Contact author(s)
- sam @ loudmouth io
- History
- 2023-03-29: approved
- 2023-03-28: received
- See all versions
- Short URL
- https://ia.cr/2023/450
- License
-
CC BY-NC-ND
BibTeX
@misc{cryptoeprint:2023/450,
author = {Sam Haskins and Trevor Stevado},
title = {Unlocking doors from half a continent away: A relay attack against HID Seos},
howpublished = {Cryptology ePrint Archive, Paper 2023/450},
year = {2023},
note = {\url{https://eprint.iacr.org/2023/450}},
url = {https://eprint.iacr.org/2023/450}
}
