Next week at the Black Hat Briefings in Las Vegas, Brown will release the end result: a modified RFID reader that can capture data from 125KHz low frequency RFID badges from up to three feet away. Previous RFID hacking tools must be within centimeters of a victim to work properly; Brown’s tool would allow an attacker or pen-tester to store the device inside a backpack and it would silently grab card data from anyone walking close enough to it.
We use RFID cloning devices, but these need the card to be physically on the device or very, very near. This solution is great: walk-by card cloning.
On top of the hardware issues, there is this issue as well (and we can benefit from this as a red team):
The RFID systems have no security, such as encryption, behind them, making it trivial to intercept badge information. An attacker can in theory capture card data, clone it onto a new card, and be able to access a physical facility. Compounding the problem for enterprises is that these readers and badges are often managed by physical security teams and generally operate on a 20-year product lifecycle. For a large company with 100,000 employees, you’re looking at at least that many replacement badges and readers, often in many countries. HID, a leading proximity-card manufacturer, admitted in a June blogpost that its legacy 125KHz cards are vulnerable, yet are still in place in 80 percent of physical access control systems despite the availability of more secure alternatives.
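The passage above says the weakness is that a legacy badge carries no security behind it: whatever the reader hears is the whole credential, so a copy of those bits is as good as the card. The following Python is an added illustration, not code from the article, from HID or from Brown's tool. It models a legacy badge as a static 26-bit Wiegand-style frame (the widely documented layout: even parity, 8-bit facility code, 16-bit card number, odd parity) and shows that a captured frame is accepted again unchanged; it then models the "more secure alternative" the article alludes to as a challenge-response card whose secret never leaves the card, and shows the same captured exchange is rejected. The reader classes, the enrolment data and the use of HMAC-SHA256 as the card's MAC are assumptions made for the model; real readers also handle modulation, timing and site-specific formats, which are left out.

```python
import hmac
import hashlib
import secrets

# ---------------------------------------------------------------------------
# 1. Legacy 125 kHz proximity badge: a fixed, unauthenticated bit pattern.
#    Modelled on the 26-bit Wiegand layout (8-bit facility code, 16-bit card
#    number, two parity bits). Constructed, simplified model for illustration.
# ---------------------------------------------------------------------------

def wiegand26_encode(facility: int, card: int) -> int:
    """Build a 26-bit frame: even parity | 24 data bits | odd parity."""
    if not (0 <= facility < 256 and 0 <= card < 65536):
        raise ValueError("facility must be 8 bits, card number 16 bits")
    data = (facility << 16) | card
    left, right = data >> 12, data & 0xFFF
    even = bin(left).count("1") & 1          # makes left-half ones count even
    odd = 1 - (bin(right).count("1") & 1)    # makes right-half ones count odd
    return (even << 25) | (data << 1) | odd


def wiegand26_decode(frame: int):
    """Return (facility, card), or None when either parity bit is wrong."""
    even, data, odd = (frame >> 25) & 1, (frame >> 1) & 0xFFFFFF, frame & 1
    left, right = data >> 12, data & 0xFFF
    if (bin(left).count("1") + even) % 2 != 0:
        return None
    if (bin(right).count("1") + odd) % 2 != 1:
        return None
    return data >> 16, data & 0xFFFF


class LegacyReader:
    """Admits any frame whose (facility, card) pair is enrolled. Nothing in
    the frame is secret and nothing ties it to this particular read."""
    def __init__(self, enrolled):
        self.enrolled = set(enrolled)

    def admit(self, frame: int) -> bool:
        decoded = wiegand26_decode(frame)
        return decoded is not None and decoded in self.enrolled


def legacy_replay_is_accepted() -> bool:
    reader = LegacyReader({(42, 1234)})      # constructed enrolment record
    frame = wiegand26_encode(42, 1234)       # exactly what the badge emits
    captured = frame                         # a sniffer hears these same bits
    return reader.admit(captured)            # the copy is indistinguishable


# ---------------------------------------------------------------------------
# 2. Challenge-response badge: the card holds a secret and answers a fresh
#    reader nonce, so a recorded exchange is useless against a later one.
#    HMAC-SHA256 stands in for whatever MAC a real card would compute.
# ---------------------------------------------------------------------------

def badge_respond(secret: bytes, nonce: bytes) -> bytes:
    return hmac.new(secret, nonce, hashlib.sha256).digest()


class ChallengeResponseReader:
    def __init__(self, enrolled):
        self.enrolled = dict(enrolled)       # card id -> shared secret

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)       # fresh nonce for every attempt

    def admit(self, card_id: int, nonce: bytes, response: bytes) -> bool:
        secret = self.enrolled.get(card_id)
        if secret is None:
            return False
        expected = badge_respond(secret, nonce)
        return hmac.compare_digest(expected, response)   # constant-time compare


def challenge_response_replay_is_accepted() -> bool:
    secret = secrets.token_bytes(32)
    reader = ChallengeResponseReader({1234: secret})
    # A legitimate exchange that a sniffer observes in full.
    nonce1 = reader.challenge()
    response1 = badge_respond(secret, nonce1)
    assert reader.admit(1234, nonce1, response1)
    # The same captured response presented against a later challenge fails.
    nonce2 = reader.challenge()
    return reader.admit(1234, nonce2, response1)


if __name__ == "__main__":
    print("legacy badge, replayed capture admitted:",
          legacy_replay_is_accepted())
    print("challenge-response badge, replayed capture admitted:",
          challenge_response_replay_is_accepted())
```

The point of the model is that the legacy reader has no way to tell a genuine badge from a recording of one, because the badge only ever says one fixed thing; parity catches transmission errors, not copies. Migrating to credentials that answer a per-read challenge is what removes the replay, which is why the 80 percent figure for legacy 125 kHz deployments matters more than the reader's range.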