【Roman Perez Jr. Archives】

You're riding the subway to work,Roman Perez Jr. Archives or taking a smoke break outside the office, or simply strolling down the street. Someone with a backpack is standing nearby, but you think nothing of it.

Thirty seconds later that very same someone has a cloned hard copy of your work ID badge, ready to stroll right into your office.

SEE ALSO: Meet the cyborg bringing biohacking to the people

This is not only possible, but "very simple" according to security researcher Dennis Maldonado. Maldonado, the founder of Houston Area Hackers Anonymous and an Adversarial Engineer at pen-testing company Lares Consulting, was speaking to a packed house of hackers at the 25th annual DEF CON in Las Vegas on Thursday.

"In seconds you steal someone's badge, have a complete copy, and you walk into the building."

And they were very receptive.

"I'm going to assume everyone here is legit — is a pen tester, not a black hat," Maldonado said to laughs as he showed off a custom system he built to remotely copy and clone RFID tags.

While you may not know what an RFID tag is, chances are you've used one. You may even have one in your pocket right now. Put simply, radio-frequency identification (RFID) is a means of using electromagnetic waves to track and identify specific tags. The tags are frequently embedded in company ID cards, and employees — especially in the tech industry — have become accustomed to tapping those cards against readers to unlock office doors.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

They're digital keys, albeit keys that are extremely easy to copy — even from a distance.

Original image has been replaced. Credit: Mashable

Maldonado proceeded to demonstrate a rig that would allow an attacker to remotely scan a card, from a distance of approximately 2 feet, and then send that data to a cloning machine (up to 30 feet away) which would then automatically write the card.

He even made the setup user friendly, developing an Android app that syncs to a Pebble watch and notifies him via chime if his read on the target card was good. And, because standing two feet away from someone is a normal thing to do in elevators and subway cars, the victim would presumably never be the wiser.

"You don't have to go up to someone and touch their butt to get a card read," he noted — shortly before observing out loud that someone was trying to break into his network mid-talk (it's that kind of conference).

This Tweet is currently unavailable. It might be loading or has been removed.

The basic technology he used is readily available for purchase on eBay, and he told the crowd that he had already posted his code to GitHub. If you don't want to throw down the cash? Well, Maldonado pointed out that the remote RFID-scanning tech is all around us, like in parking garages, but he cautioned the hackers in attendance: "Don't go stealing those."

Which, well, that may have been the only part of his talk the crowd didn't seem too interested in hearing.

"In seconds you steal someone's badge, have a complete copy, and you walk into the building," he told those gathered. For the attendees of DEF CON, Maldonado's statement may have sounded like a challenge. For anyone who uses an RFID tag to badge into their office or home? They should take it as a warning.

---

Featured Video For You

---

Step inside the secretive class that turns people into hackers

---

Topics Cybersecurity

• Tech
• Shopping
• Social Good
• Entertainment
• Digital Culture
• Life
• Science
• Games

• The Kindle Scribe just dropped to its lowest price ever, but is it worth it?
• Snapchat says it's a camera company with more TV
• Prince George doesn't have time for high fives from Justin Trudeau
• Olivia Wilde slams Trump, and announces her baby's gender, in one beautiful tweet
• Today's Hurdle hints and answers for April 7, 2025
• Jupiter's moon Europa may shoot liquid water into space
• Why Zach Galifianakis doesn't want Donald Trump as a guest on 'Between Two Ferns'
• NASA will land daring spacecraft on a world 800 million miles away
• Tesla used car prices are cratering
• 5 creative ways to trick people into eating healthy

• Here's what it'll be like to take a ride on Blue Origin's rocket
• Photographer captures quirky portraits of dogs up for adoption
• Donald Trump's unprecedented lack of ad spending has hurt local media
• Awesome dad turns son's wheelchair into amazing 'Ghostbusters' costume
• 8 things we learned from PBS's excellent documentary 'Hamilton's America'
• The Walking Dead Season 7 spoilers: Who Does Negan Kill?
• Why are the tech giants struggling to build their own driverless cars?
• Baller commuter polishes basketball skills during massive Silicon Valley traffic jam
• Victoria Beckham just announced a very affordable collaboration with Target
• The iPhone has a hidden one

• Best Apple TV+ deal: Get 3 months for $2.99 monthly
• Cam Newton dons MLK shirt before game in Charlotte
• Watch the last episode of the 'Star Wars' superfan
• Marlins' manager sobs as he remembers José Fernández's infectious joy
• Best outdoor deals: Save up to 50% at REI and Amazon to prep for camping season
• The giant inflatable duck apocalypse has finally come to Scotland
• BlackBerry is back at it again with a mediocre phone
• One man's dinosaur impressions will save you a trip to 'Jurassic Park'
• Google Pixel Buds Pro 2: $40 off at Amazon
• Harry Styles' first solo magazine covers are here, and baby, they're perfect

• 'Thunderbolts*' mid
• Why it's so damn hard to get a jet black iPhone 7 and 7 Plus
• 3 facts and 1 big question about Jupiter's icy moon Europa
• A giant octopus attacked the Staten Island Ferry in 1963, except not
• UGREEN Nexode 25000mAh 200W power bank drops to $79.99 at Amazon
• How Facebook's last year shows dominance in mobile advertising — and what's next
• A giant octopus attacked the Staten Island Ferry in 1963, except not
• 5 Oscar contenders whose early work you can watch on Netflix now
• Best JBL deal: Save $10 on the Go 4 at Amazon
• Waze wants to help people keep up with their 'favorite brands'