The RFID cards contain chips, that combined with readers in the poker table, transmit information about each player’s hole cards, so that viewers can see the cards on the broadcast (which is on a 30-minute delay to protect game integrity).
The RFID output that the Arduino gets is a 10-digit hexadecimal. With that in hand, Brown said it’s simple to replicate the remotely stolen information using a Proxmark device.
The unfortunate reality, according to Brown, is that with most of the building security badges that are running at 125KHz, there is no secure authentication mechanism.
Researchers in Korea have devised a cheap way of transmitting data from objects to mobile phones when swiped.
They have printed small “rectennas”, a cross between an antenna and an AC/DC current converter, onto plastic foils using electronic inks.
The clock operates over spans of seconds to minutes after an RFID chip is charged up from an RFID reader or other ambient radio-wave energy. As a result, even after the radio signal is removed, the clock endows the RFID chip with the ability to know when its security keys may be in danger.
Having a clock can be very useful in defending against brute-force attacks that may try to guess the chip’s passwords hundreds or thousands of times per second. A TARDIS-enabled chip—requiring no new hardware and representing fewer than 50 lines of additional code—would receive a power-up from, say, a nearby RFID reader. Instead of wiping the SRAM clean, the device would first read off the state of the SRAM, which would be partially decayed from the last time the chip was powered up. Comparing the percentage of decayed bits to a precompiled table would enable TARDIS to read off the time elapsed since the previous power-up.