Click to Skip Ad
Closing in...

Hackers can break into your company using $700 worth of parts from Amazon and eBay

Published May 2nd, 2016 5:01PM EDT

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Hackers looking to break into companies could do so with the help of a $350 device that can be purchased online from Amazon or eBay, new research shows. By taking advantage of the way most employee ID badges work, hackers could simply manufacture counterfeit access cards that would work just like the original badges.

DON’T MISS: Time to cut the cord: $95 gets you a Fire TV and free network TV in HD for life

Researchers from RedTeam Security showed Tech Insider how easily it is to clone an access card belonging to any employee by simply roaming around. The hackers did not have to steal personal information belonging to that person and instead used a much simpler trick.

Using a particular device that costs just $350, researchers pretended to visit a target company. “[We] got the big, long range reader from Amazon,” RedTeam Security consultant Matt Grandy said. “They’re also all over on eBay.”

The attacker, posing as a student who requested a tour, carried the gadget in a seemingly harmless laptop bag that intercepted the unencrypted communication that takes place between an access card the moment it approaches a target. These work IDs use radio-frequency identification (RFID) to talk to doors and unlock them. Unfortunately, the data traffic isn’t protected by encryption, which means that it can be picked up by intrepid hackers armed with this device.

Purchased from Amazon, the portable RFID badge reader can grab card data up to three feet away. When positioned close enough to a target, the device grabs the data from the card who’s trying to communicate with it and writes it on a microSD card. That means malicious individuals simply have to find a reason to be in the vicinity of a known employee to try to grab his or her credentials.

The data is then transferred to a computer, where a $300 device called a Proxmark can write it on a fake employee badge. Using the manufactured card, hackers can then access any doors that badge is allowed to open.

There are ways that companies and employees can protect themselves against such attacks. One of them is using encryption to protect RFID data. The other one is using RFID-blocking sleeves for access cards – you can purchase them on Amazon at this link.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2007. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming new movies and TV shows, or training to run his next marathon.