Going to attack a Nexus 5 too, but if anyone has an old (or new) phone they would like to see tested, let me know and we can chat out of thread.
I’ve also got some better camera gear on the way, so definitely a youtube video, possibly a live stream if I can get the multi-source capture ironed out.
I just uploaded a full length live stream of the NFCKill being used against various devices. Some interesting results for sure.
TLDW:
RFID cards/implants are affected at a greater range, but take more “strikes” to destroy. RFID readers can also be disabled.
NFC card/implants are easier to destroy, but are only affected at close range. The NFC readers, including the Nexus 5 tested in the video, don’t seem to be affected at all.
If not maybe I would finally have a reasonable excuse to get a set of armory…
Video was good, interesting to see what the device is capable off. The DOS of an entry point to relax security was the only practical usecases I could think of so far.
I did about an hour on the bike, so have another 40 mins to watch, Did you do any testing from the underside, Just wondering if it is shielded / directional.
Deployment wise, in a satchel, as a brush past in a crowd???
Dick Move but possible, although slightly more difficult now with social distancing.
I think @freqyXin is saying that it would be hard to get a company to agree to let this tool be used in an engagement. Like red team stuff. Not that it would be hard to physically use.
We where talking about blowing the reader on the door so that that a pen tester could slip in when they end up propping the door open or something like that due to it being broken.
There is limited to no gain from killing a card in terms of getting further access that I can think of.
If you kill enough badges, ie a phony reader, it could make the target second guess badges that don’t work. They’ll either set up a manned checkpoint (bad) or just prop the door open (good) until its “fixed”
The radiation pattern seems to be fairly tight, but I didn’t have any intentional testing of that characteristic.
I would say yes, there is enough evidence to suggest that caution should be taken if this device is used by someone with hand implants. I make a somewhat conscious effort to keep my hand implant clear of the strike face on the NFCKill. But seeing how the range is considerably longer on the LF side than I had previously thought, I’ll be keep my hand far away now.