Analyzing an RFID scanner: bad habits never die
More than a year ago, BlackArrow's Red Team conducted a security analysis of an RFID scanner used by one of its customers. These kinds of devices entail serious risks when integrated into the company's network. Their security is usually not a priority during development and, as a result, critical vulnerabilities that are easy to exploit are often found in them. This article aims to share, in a short and simple way, some of the vulnerabilities found, as well as to discuss their viability as a starting point in a Red Team exercise.

RFID scanner

Reconnaissance

Externally, the device has a small screen and four buttons (Cancel / OK, and Up / Down) through which a user can physically interact with it. In ...