Most tag writing apps can erase them as well
Ah, I wasnt sure if you knew of an app you could just pull up and start swiping your implants.
.I figure if someone has detained me, (not planning on it) I won’t have time to try and rewrite each tage like that.
You will be able to write your own java card applets for VivoKey Apex that will wipe themselves after several attempts using an incorrect pin or passcode… but we prefer to take the pre-tarpit approach where the pre-check delay just goes up for each incorrect guess.
Or a “correct” authorized access pin or passcode and an “incorrect” self destruct pin or passcode
Right, I keep forgetting applets are kind of a game changer in terms of capabilities.
yep, that’s called a “duress code”, and it’s totally possible…
Ok, I just ordered a few readers to sacrifice in the name of science --and entertainment.
Going to attack a Nexus 5 too, but if anyone has an old (or new) phone they would like to see tested, let me know and we can chat out of thread.
I’ve also got some better camera gear on the way, so definitely a youtube video, possibly a live stream if I can get the multi-source capture ironed out.
yeah we might be able to actually fork or merge VivoKey support into VeraCrypt … eventually…
I just uploaded a full length live stream of the NFCKill being used against various devices. Some interesting results for sure.
TLDW:
RFID cards/implants are affected at a greater range, but take more “strikes” to destroy. RFID readers can also be disabled.
NFC card/implants are easier to destroy, but are only affected at close range. The NFC readers, including the Nexus 5 tested in the video, don’t seem to be affected at all.
Stream starts at 10:30
Just to be clear (as we don’t want to propagate the misconception) NFC implants are RFID implants
Video sounds interesting, taking a look now
Thanks for the share, 1hr40min, I guess I know what I am watching on the bike tomorrow morning
Thanks
I’ll be sure to put that distinction in the video notes. Thank you for keeping me honest!
I wonder if it could get through platemale or chainmail?
If not maybe I would finally have a reasonable excuse to get a set of armory…
Video was good, interesting to see what the device is capable off. The DOS of an entry point to relax security was the only practical usecases I could think of so far.
That’s Soapy. I’ll have to put some pictures up!
Thanks for watching!
Yeah it’s hard to imagine an engagement scope actually allowing for this to be deployed, but it’s certainly a scenario worth some exploration.
I did about an hour on the bike, so have another 40 mins to watch, Did you do any testing from the underside, Just wondering if it is shielded / directional.
Deployment wise, in a satchel, as a brush past in a crowd???
Dick Move but possible, although slightly more difficult now with social distancing.
Think Electronic Frottage attack
I think @freqyXin is saying that it would be hard to get a company to agree to let this tool be used in an engagement. Like red team stuff. Not that it would be hard to physically use.