Privacy and security – 20/02/2014

Anonymous

RFIDler: A Software Defined RFID Reader/Writer/Emulator

Software Defined Radio has been quietly revolutionising the world of RF. However, the same revolution has not yet taken place in RFID. The proliferation of RFID/NFC devices means that it is unlikely that you will not interact with one such device or another on a daily basis.

Whether it’s your car key, door entry card, transport card, contactless credit card, passport, etc. you almost certainly have one in your pocket right now!

RFIDler is a new project, created by Aperture Labs, designed to bring the world of Software Defined Radio into the RFID spectrum. We have created a small, open source, cheap to build platform that allows any suitably powerful microprocessor access to the raw data created by the over-the-air conversation between tag and reader coil. The device can also act as a standalone ‘hacking’ platform for RFID manipulation/examination. The rest is up to you!

This talk will cover the fundamentals of Software Defined Radio, and then show how low-level RFID communications could be considered in the same light. We will then go on to demonstrate the RFIDler prototype in action, reading, writing and emulating some common tags.

Adam “Major Malfunction” Laurie is a security consultant working the in the field of electronic communications, and a Director of Aperture Labs Ltd., who specialise in reverse engineering of secure systems. He started in the computer industry in the late Seventies, and quickly became interested in the underlying network and data protocols.

During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and wrote the world’s first CD ripper, ‘CDGRAB’. He was also involved various early open source projects, including ‘Apache-SSL’ which went on to become the de-facto standard secure web server. Since the late Nineties he has focused his attention on security, and has been the author of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers) as secure hosting facilities.

Andy Ritchie has been working in the computer and technology industry for over 20 years for major industry players such as ICL, Informix, British Airways and Motorola. Founding his first company, Point 4 Consulting at the age of 25, he built it into a multi-million pound technology design consultancy. Point 4 provided critical back end technology and management for major web sites such as The Electronic Telegraph, MTV, United Airlines, Interflora, Credit Suisse, BT, Littlewoods and Sony. Following Point 4 he went on to found Ablaise, a company that manages the considerable intellectual property generated by Point 4, and Aperture Labs. In his spare time he manages the worlds largest and longest running security conference, Defcon.

Andy’s research focuses on access control systems, biometric devices and embedded systems security, and he has spoken and trained at information security conferences in Europe and the US publicly and for private and governmental audiences. He is responsible for identifying major vulnerabilities in various access control and biometric systems, and has a passion for creating devices that emulate access control tokens either electronic physical or biometric. Andy has been responsible both directly and indirectly for changing access control guidelines for several western governments. Andy is currently a director of Aperture Labs Ltd, a company that specialises in reverse engineering and security evaluations of embedded systems.

Indie: a tale of privacy, civil liberties, and a phone

Can a phone really help protect our civil liberties? Aral Balkan thinks so. And he’s embarked on an audacious journey to make one. Join us to hear the introduction of a two-year story that is only just beginning.

Aral Balkan is an experience designer working to change the world by bringing design thinking to open source. His latest project, Indie Phone, is an ambitious initiative to build a beautiful new mobile platform that empowers regular people to own their own data. He is an award‐winning speaker and a board member of CodeClub.

Closing date for bookings is Wednesday 19 February 2014 at 11:59pm. No more bookings will be taken after this date.

For overseas delegates who wish to attend the event please note that BCS do not issue invitation letters.