Authors: Trevor Stevado Founding Partner/Hacker @ Loudmouth Security, Sam Haskins Hacker, Loudmouth Security
Contactless credentials have become increasingly popular for secure authentication and access control
systems due to their convenience and efficiency. In this talk, we will discuss a specific weakness in the
ISO 14443A protocol that enables replay attacks over moderate latency connections, leading to the
potential for long-range relay attacks.
During the presentation, we will delve into the history of contactless credential attacks, how
manufacturers have adapted, and discuss why we focused on a relay attack. We will provide an
overview of the ISO 14443A protocol and explain how the relay attack is executed and the ‘features’
of the underlying protocol that make it possible. Finally, we will demonstrate and release a new tool
to make this relay attack feasible with the Proxmark, as we attempt to unlock a door in Ottawa, ON
with a card on-stage in Vegas.
In addition, we will discuss the response from HID Global following our responsible disclosure against
their SEOS readers and suggest mitigations to prevent these attacks on your access control systems.