BarCode
Barcode is a cocktail powered podcast that dives into the technology, personalities, criminals, and heroes that have come to define modern security across the globe.
Hosted by Chris Glanden.
BarCode
Iceman
Iceman is a renowned figure in the world of RFID hacking, with expertise in NFC and EMV technologies. As one of the lead open-source developers for Proxmark3—a powerful platform for RFID hacking and analysis—Iceman has significantly enhanced its capabilities. He is known for overhauling the user interface and expanding the feature set to allow device owners to maximize their usage. His work in the open source community has been focused on making RFID technology more accessible and understandable, and he continues to contribute actively to the field.
TIMESTAMPS:
00:02:27 - Introduction of Iceman, RFID hacker and contributor to the Proxmark project
00:07:23 - Explanation of Proxmark device capabilities and the development of the Iceman fork
00:14:13 - Formation of the RFID research group and transitioning from a hobby to a public figure
00:17:49 - Introduction of new RFID tools, concepts, and weaponizing RFID readers for unauthorized access
00:20:40 - Effectiveness of RFID wallets and the cat-and-mouse game with weaponized readers
00:24:06 - Development of magic cards for RFID hacking and the potential impact of AI on RFID research
00:28:29 - Participation in RFID hacking competitions, CTFs, and the importance of forums and Discord for knowledge sharing
00:34:42 - Flipper Zero as a well-made tool with an ecosystem for extending functionality
00:35:57 - The future of RFID hacking, including secure communications, advanced crypto, and chip implants by Dangerous Things
00:39:38 - Iceman's experience with metal detectors, TSA, and the exciting future of RFID for hackers and end users
00:42:52 - The need for vendors to allow legal copying of items and the importance of disrupting tracking and logistics systems
00:45:07 - Iceman's recommendations for following his work and joining relevant Discord server
SYMLINKS
X: https://twitter.com/herrmann1001/
YouTube: https://youtube.com/@iceman1001/
Discord: https://discord.com/invite/QfPvGFRQxH/
Proxmark3: https://proxmark.com/
Iceman Fork: https://github.com/RfidResearchGroup/proxmark3/
Dangerous Things: https://dangerousthings.com/
Flipper Zero: https://flipperzero.one/
IceDev: icedev.se
DRINK INSTRUCTION
Wildcard
1 oz Cardamaro
1 oz Genever
1 oz Cynar
Add all ingredients to a shaker filled with ice. Stir until chilled and properly diluted. Strain into a lowball glass filled with fresh ice. Optionally garnish with a sprig of rosemary or an orange peel.
CONNECT WITH US
www.barcodesecurity.com
Become a Sponsor
Follow us on LinkedIn
Tweet us at @BarCodeSecurity
Email us at info@barcodesecurity.com
This episode has been automatically transcribed by AI, please excuse any typos or grammatical errors.
Chris: Iceman, thanks for stopping by BarCode man. I appreciate it.
Iceman: Thanks for having me, man. It’s awesome to be here in your podcast.
Chris: Thank you. So let’s start off with your origin story. Explain to me just how you got into RFID hacking.
Iceman: Oh, wow, that’s a good one. This is a story I usually tell. So a couple of years ago, like a decade ago, I got separated from the mother of the children and I was kind of depressed. And I decided after a year or so that I wanted to do something fun with my life again. I always liked computers. I always done that. I’ve always enjoyed it. It’s been my greatest hobby and joy of my life since I was a small, small child and I lost all that feeling. So I was like, I’m going to go something that I want to do.
Iceman: You’re working with stuff, you’re working with computers, you develop and you just lose the whole thing. So I decided I’m going to do something naughty. So I was just hearing about how the transport system in my hometown that way you were using my fair classic cards as of this contactless payment systems. I’m deeply fascinated. How does that know curious person. And then I was reading that was some kind of attack happening from a hacker space up in another part of Sweden talking about their system and they were using the same system as seems in my hometown.
Iceman: So I was like googling a little bit and the word proxmark comes up. So I happily goes out online on this Chinese site and you order a proxmark and you spend $ on it. This was back in . So the proxmark you got back then was rough. You wait for two weeks, very excited about it. And then what comes is an embedded device. It’s just a circuit board, it’s like a PCB with some antennas, with some pcb antennas as well.
Iceman: And they go like, now what? What am I going to do? I never touched anything embedded. I haven’t done anything at all. But I’ve been doing computers all my life, so I can fix this. So going out, I’m doing the installing this minv because I’m on a Windows setup and try to compile, pulling down libraries, I know my way around Linux and I fail and I go on the forum, the Proxmark forum. And the people go like, which guide are you following?
Iceman: I don’t need. I should just be able to do this and this and this full of ideas, how it should be. So after a week with constant failing and not making it compile and anything like that, I was so disappointed on myself and on the thing and I doubted myself even more. So I wrapped it all up again and I put it on a shelf near to my computer. I have it a little bit higher up. So you have this love and hate relationship with a device.
Iceman: It looks down to you and it despises you and reminds you about your failure, how bad you are. And it’s like, oh God. It took some time. It took me quite sick. It took me quite a long time, actually. It took me six months before I was ready to accept that I need to learn from beginning. And I’m not as good as I think I am. So I said to myself, I spent so much money on it, I’m going to make one more try. And I wanted this, obviously.
Iceman: So I took it down. You looked up a guide on Internet, following it and it compiles. Oh, that’s nice. Then doing a flashing of an embedded device. Never done that in my life. That was very exciting. And that works. I’m like, okay, you’re getting all juiced up with that. And you start running the Proxmark client and like, oh, this part I’ve read so much about. Get my transportation ticket system card and put it on there on the reader, on the antenna rather.
Iceman: And I type in the commands HFMF dark side and I press enter. And about seconds later, about , if we can talk, the first key comes up and says, you have now cracked a key. And that feeling, that instant dopamine kick was so tremendous. Hot. I remember to this day how I felt and I was like, I got to know more. Give me. It’s like Neo in Matrix, more. That was it. That’s how I started. That’s the start of iceman, actually.
Chris: Nice. So just the level set. Can you describe the capabilities and exactly what a Proxmark device does?
Iceman: Yeah, well, so the original Proxmark device is an open hardware, open source project by Jonathan Westus. As his master thesis in California. He was looking into low frequency tags where he was severely doubting was safe and secure. So he developed through some iterations of the hardware and what became the Proxmark number three, that’s its third iteration, is a device that can read, write, emulate, perform low level attacks, and you have control of the whole stack from the bottom to the top of it.
Iceman: Nice. So you can replay, sniff, attack. You can do so much more with it. So it’s an all in one. Normally it’s a reader, or normally someone has a reader writer when it comes to cards, but Proxmark is very much more flexible. It has a very old hardware architecture, so it uses both an FPDI and an arm MCU. And that is all updated. And in order to do it, it’s very weak hardware in that sense. We only have like .
Iceman: But the amazing thing with it still today is that modern firmware and clients and stuff that we do runs on old devices as well. So you can still, I say this as a joke, sustainability, that’s something we aim for. We don’t actually, but it’s just a part of it. So ten year old device, my oldest proxmark that I bought ten years ago, still works today with the new stuff. So it does so much, much more and it’s all manually done.
Iceman: Which leads me to one of other things. One of other things is that a Proxmark is a running joke. Back in the day still is. A Proxmark can do anything, but you have to implement it yourself, meaning that there’s a lot of people adding stuff and they only want to add the stuff that they are looking into. So when this product came out is was when people started hacking. Some German hackers, some Dutch hackers looked into and realized how to attack the Mifa classic card. They also did the legit cards and they added support for a, ISO A in proximal code.
Iceman: And then, the first manufactured PCB. Back in the day, you have to order all the parts and solder and design it all yourself. But the first Chinese copy started coming out from Rice Corp and what was the name, radio wars, another Chinese developer. And then you got some pre made antennas, also something that didn’t exist, but there was very lacking support of everything. You had rudimentary support of some attacks, which was good, but then it was going all the way.
Iceman: So when I started , I realized, okay, this has potential, it can do things, you have control, it’s very interesting, but I cannot use this the way I want to do it. So back in the day, you need to do the LF signals. You have to look at the raw plot window, then you have to manually decode every bit knowing Manchester encoder not, and then swap the bit orders, and then know descrambling codes and understand VGAN.
Iceman: And then get the facility code and card number out of it that you can use then to program another card called the t . And it was just a nightmare. I was like, I know that after a year of trying to do things, but this is not how I want to do it. If I want to do this every day, I need to do something. So it has to be on a completely different level of software. So I realized, let’s go into, I mean, that’s what I’m good at. I’m very good at software developing.
Iceman: So I was like, let’s do that. I can contribute with that. So I started fumbling into open source and git, and we swapped to git. By then we were on SVN before, subversion before. And then we went over to GitHub and I started doing things there. Which leads into another question of yours, why Iceman fork is what it is. It’s a part of that story actually, because I was doing things. And the old click, the original, the Ogs didn’t really like that. I made it so simple. And what was the aim for it? Very doubtful and very rough in that sense.
Iceman: And I was like, I realized after a while that I don’t have to, I just can maintain my own fork of the code, and I will just backboard everything that comes down. So what? Official repo has changes. I also have. So I did that, and I’ve been doing that ever since. And slowly but slowly, the Iceman fork became the go to repo because it was easier, more understandable, more continuity in the way you work with things, less bugs, less crashes.
Iceman: And that resonated more with the people. And today it is what it is. So the official repo is still there. It’s not very maintained, even if I’m maintaining myself there. So right now, Weisman Fork is running on the RFID research group’s Proxmark repo. And most people today are happily and luckily unaware of how it was back in the days. And today, they can approach RFID hacking, they can approach pen testing and access control hacking in a completely different level and capacity than they ever could.
Chris: That’s still active today?
Iceman: Oh, yeah, for sure. I never stopped doing it. I don’t know why I should. Maybe so.
Chris: Would you consider this your full time job now?
Iceman: Oh, God, no. Here’s the thing. I never got paid for this. I’ve done this on my spare time because no pay. No pay. Yeah, exactly. I don’t know. You have to understand, I’ve been sitting on my own, in my own chamber here for the first five years of me doing this. I interacted with people on the forum and doing code contributions, and did that because I got some cards and people send me cards, I got more cards. You collect cards and you look into what you have.
Iceman: And then that’s what I did. And four people started up the RFID research group. RRG was Proxgrind, the hardware genius who designs the hardware, and was Sirxff, who is hardware software, is an old administrator of forums and repository. And then Dennis, the business unicorn, and then me. I call myself the poster boy, but we did that. And when we brought up the Proxmark Odov four, with a very successful Kickstarter for us, we brought the crowdfunding to this community.
Iceman: We brought a very nice, interesting version of a Proxmark out. Very much smaller, sleeker, better and improved in different ways. And that made me make a choice. I had to choose between going public, or become a public figure, or sitting home and doing stuff in my office by myself. And that was the first time I actually started going to hacker conferences or the infosec conferences to talk about the Proxy.
Iceman: I started to meet people in person and they started telling me wow, I use this stuff, you’re so great, I love what you do and all that stuff. And I’m like do you do this for full time? Do you get paid for this? I’m like no, it’s just my hobby and I never heard that before. That was an eye opening and yeah nice.
Chris: So how has RFID evolved since you initially became involved early on? And what developments do you feel has had the biggest impact?
Iceman: I think many things has impacts, but it changed tremendously. I think the whole hackery community in general has changed tremendously over the last twelve years.
Chris: I agree.
Iceman: So in order to be a good RFID researcher you would need to have access to information, that means data sheets, you will also need to have software that has all those things that you want to do implemented and working. You would then also need different kinds of tools in order for different scenarios. So I am sitting in an office, in a desk at home, do not need to be mobile with pen testers and red teams, they need to be in front of a door and covertly tends to sneaking up and do things that makes you needing some other things. So the RDB four had a battery in it and then rudimentally RFID app on Android, that was one of the steps that changed things.
Iceman: It’s changed the scenarios. All of a sudden you can bring a proxmark without standing with a big laptop in front of a door and doing things more covertly. And the last four years, I mean even the flip zero, Pavel, he was on the Proxmark forum and before that and was inspired by all these hacker tools and wanted to do the mobile concept. Everybody talked about making a mobile concept but he actually made it happen. So the flipper Zero came out and it’s one of those go to tools now for red teams as well because it’s very mobile and I can do it, it’s a little bit limited in some of the stuff but it does the infield operations quite well.
Iceman: Then comes up other tools like a chameleon, ultra chameleons, there’s assimilation cards, there comes up also the idea of weaponizing readers. That’s something that was mysteriously talked about on a black hat talk back in the days.
Chris: And you said that was like modifying RFID readers.
Iceman: Yeah, you modify that by your sniffing out the vegan data out of the backside of a reader and then if you use a long range reader you can pass by unknown targets and try to read off the credentials without them knowing, then allowing yourself to make a backup and a clone of that card and present it to get access to.
Chris: The building and just some use cases to insert here. When you say RFID cards, are you referring to mainly access control cards?
Iceman: Here’s the thing, most people are very interested in that part, but for me that’s very limited. For me, RFID is a very broad scope. You have everything from pocket tickets, library system, transport ticket systems, you have ski passes, you have passports, you have laundromats, you have access to your house, buildings, you have also access control. And you find RFID pretty much everywhere in your phones. You have now this, Apple payments, you have also the EMV touch and know the Visa cards.
Iceman: And it’s just one little part of it that you look into. But there are so many applications, it’s also industrial applications. So for me, Alpha dhacking is that broader scope. NFC, what people use as another acronym, is a subsets of a high frequency possibilities or protocols that’s there, which enables you to make end of pack messages, which you use when you read a card. You can get make it send an SMS, or you can get someone’s business card with your phone. That’s typical, use cases for it, or you can get the Wifi password that way.
Chris: Do those RFID wallets really work? Have you tested those people?
Iceman: Have tested, I’ll test some of myself. It’s different kinds of it. You know, the idea of RFID cards is that you work inductively. So one of these wallet blockers, they basically shorten up the field so it consumes all the power that the field can present, meaning that other cards in back of it will not get enough power to start communicating with a reader. Then there are other cheaper versions or simpler versions that actually only blocks one protocol, like a protocol.
Iceman: And those are not as good. But when it comes to RFID, usually those wallets, it’s good to have if you have one, but if you have a stack of cards and they’re all different technologies, you also would need a various good, dedicated reader to read multiple different cards from the same technology. Say you have five cards and all of them are ISO , a type of cards. Those have an anti-collision part that the Proxmark doesn’t solve right now because it’s a little bit more complex than I needed.
Iceman: I don’t even think the flipper solves that. I don’t think many readers does. A reader is usually dedicated for one purpose. See, I’m looking for this card. I’m looking for this data. It’s not generic. That’s why the proxmark is so amazing as it is, because it’s not dedicated, it’s more generic, it can do very much more, but that’s one of the serious limitations of it. So, to answer shortly, your question is, yes, they work.
Iceman: Do I need it? Is another follow up question. Well, it never hurts you to have it, but if you have a bunch of cards in your wallet, you usually don’t have to worry about it.
Chris: Good to know. Yeah, sorry I got derailed there for a minute.
Iceman: No worries.
Chris: So you were talking about the device reader.
Iceman: Yeah, the weaponized reader. Yes. So weaponized readers actually, they put an excel device on when it’s installed on the wall. You can also put your own interceptor tool onto the wires. So this is a normal cat and mouse game. So you figure some shit out in one end, and then the vendors, after being aware about this a couple of months or later, starts doing something else. So in that world, the fiscal access control system world, they start in us using the protocol OSDP, which has a secure mode, which now the research is looking into, you can see that this is how you can always see that is you can look at black hat.
Iceman: If you go to black hat talks, you can see how they have target specific vendors and how we attack with support, how we mention some open source tool in order for them. They do it to promote themselves. Look what we can do. So you can see where the current research is going on without people doesn’t always share things, what they’re doing, but you can understand what they are focusing on and you understand why that part is the latest. So everybody wants to do that.
Iceman: You don’t see that tremendously much on other conferences. You see black cat and Defcon usually have the same talks, same speakers. Yeah, that’s just the nature of it. But you can see there. So right now it’s like everything, it’s a cat and mouse game. Another thing, what I want to say about the gadgets you say in this technology changes over the years is the development of many, many more magic cards. Magic card is not magic regathering. It is an RFID tag which has some special properties that was not intended from the beginning.
Iceman: Like use its unique id for a card print. That’s a simple example. Every card has a unique id that should not be reproducible in any way. It should be locked from production and globally, preferably. It should be unique as well. Now that is not the case. But a magic card allows you to change UID. So if you have some genuine card that you’re sniffing or a credential from a company, then you would need to change the UID as well. So those kind of cards was limited back in the days, and today they are so many more covering very many more protocols. So you have a plethora of those cards that you need to master today in order to be a successful pen tester and red teamer, or even for that case, if you’re a cloner.
Iceman: Cloner is a guy or a person or a company that sells backups of your keys, of your keys, of your RFID keys. If you have a tag and you want access to your housing in multitenant house, they offer services to make a duplicate of that which is just a clone. And in order to make that clone, you need to have special dedicated cards like those many cards, but that’s a profit thing for them. Okay.
Chris: Continuing down the evolutionary path, then how has AI impacted RFID? Are you leveraging AI in your work?
Iceman: It’s a very good question. I wish I could say, oh yeah, we really are adopting AI. I wish I could teach one of his new modern AI, the llama models. I wish I could teach one of them to answer questions how to do RFID hacking and building up services and stuff.
Chris: Oh yeah, I like that use case.
Iceman: Yeah. But it’s sadly enough, no. Short answer is no, we are not using AI yet. I know someone tried to teach one to answer help text commands for the proxmark, and they show me, in order to teach an AI, you need to tokenize the data sets, the learning data set. And that was a painful experience to see how much that was needed to just learn one thing. And I was like, we have commands now in the proximal client. I don’t think that will be feasible to do that manually.
Chris: Yeah, you mentioned black hat. I mean, with the AI hype at full throttle now, I’m sure you’ll see some type of RFID AI technology at black hat soon.
Iceman: I think the vendors would do it, yeah. But sadly enough, microcontrollers that are door controllers that usually stuck in a cupboard rarely looked up. So if that device is not hooked up to a cloud in some way, they are never going to be able to get the advanced AI to look into it. But more and more services is going towards that cloud thing, which is, well, I think intrusion detection and stuff like that. Yes, they will do it, but that’s way out of, I don’t care about that.
Iceman: So I care of one part of a chain, not that part of a chain.
Chris: Yeah. Okay. In terms of black hat and Defcon, do you ever participate in RFID hacking competitions or ctf related to RFID? Or do you run any competitions like that?
Iceman: I do love my. See, when I first visited Defcon, I was invited to talk at the wireless village. Back then it was called the wireless village. Nowadays it’s called radio frequency Village. And the ricks was running the show and I felt very welcome there and I was happy. So someone I think was Babak was doing the red team alliance, was doing a demo for access control with our Fid challenges. They had a suitcase there was really nice, and still run that show.
Iceman: And then Nick came in and improved the RFID part for the wireless village for the ctfs. I usually answer questions to how to operate and how to look at the problems that they are because it wouldn’t be fair if I would participate.
Chris: Right?
Iceman: Yeah, it would be very unfair.
Chris: Yeah. Okay. So when you got started in this, I assume there wasn’t much education or training methods for RFID hacking that really would have helped accelerate your learning.
Iceman: Well, I’m happy they asked about that. Back in the days. We still exist is the proxmark forum. proxmark forum is a vast knowledge of previous RFID hackings findings and research. Yes, it was tremendously interesting of seeing collaborations across in the community to figure things out and to solve things. And that lay the foundation to why you see so many cards can be easily cloned today or copied or backed up or emulated and understood, because that took tremendous of effort from several people involved. It was not just one person.
Iceman: We always say that we are standing on the shoulders of giants. And I say it to this day because it’s so true. I stand on the shoulders of people who was before me, and now I’m trying to make sure that people can stand on my shoulders in order to pass the torch on so they can do more and get further than I would ever have managed. And that is the forums. People stop doing that. It’s not a new thing.
Iceman: I got questions from people. It’s like, why don’t you use discord? Why use a forum? Forum is boring. I was like, yes, but the forum is searchable and the kids. Discord is for gamers, isn’t it? So even my kids fought that. And then I was like, okay, Covid came. I was like, okay, let’s start this discord then. It doesn’t hurt and it took off. People wanted to be there. People like to chat and I really love the video and audio calls you can do there and it’s for free.
Iceman: So today we over , members on their discord. We are about or members on the forums back in the days that still exist. Yeah, I have like followers on Twitter. That’s interesting. This topic of RFID hacking, same thing for my YouTube channel. It’s like . So if people want to get hold of me or look at things and get into things, the discord is the place to go ask questions. There are many other places. You have dangerous things.
Iceman: Dangerous things is an implant or biohacking company from Startowit run by ML. And they have a very interesting discord and they also have a forum that’s tremendously active by people who like to make implants and enhance themselves that way. And they’re really interesting to make clones onto it. So you have no use of an implant if you can’t clone a card to it. So you can use your fancy implant to show off that you can open the door without showing a card because it’s implanted.
Iceman: So they are very curious in that. And with that said, you also have the flipper zero came into the scene two and a half years ago and they took everything by storm. So they have heard something ridiculous number, but they sold , units and I think they have a user base of , users or , users on their discord. And they also have a forum, but it’s more generic, so the flipper can do many more things.
Iceman: And you will see that the people who says the most about things, there’s a click about , people, you will find them on all of those platforms and you will recognize the names and go like, I know that guy. I know how to get hold of them, man.
Chris: I gave up on the Flipper zero. I could never get one. Although I heard it’s a phenomenal device.
Iceman: It’s really well made done. That tool is really well made. It’s perfect form factor in that sense. A little bit clumsy for me, but it’s okay. But what they did is also they made this apps and software for it. We can really tell that they had some. They paid developers for three, four years that been working on it. So they have an ecosystem now with an App Store which you can just download and goes very fast and quick. You just click, click and that’s done.
Iceman: So we updated it and it goes with Bluetooth over to your phone and it just works very beautifully. And you can improve or extend the functionality of flipper tremendously much. And you see also these add on boards that people added. So today it can do so much, much more and you can easily do those hardware attacks against things that was hard to do, is now within a click of a button. So entry to level, from nothing to performing an attack like that today is very simple.
Iceman: And there’s also very many people who doesn’t know what they’re doing, being able to do that. So that’s one of the things you saw this Bluetooth spam attack, for instance, it was going rounds before Christmas, and it’s fun because it spammed all these messages on your iPhone and eventually it crashed. Same thing with Android. But then all of a sudden someone’s insulin pump that was Bluetooth control started not working, or the insulin monitor. And then it’s so simple for people doing things because they don’t understand what we’re doing or the consequence of it doing it.
Iceman: So yeah, it is what it is. But if you’re interested in doing all this stuff, then you should buy flipper. But if you want to understand how it’s done, then you need to look at the projects that the six open source project that Flipper took from, because they didn’t develop anything themselves. They took six open source projects and smashed up together in one nice little must have gadget. And then you start looking into, okay, I’m interested in bad USB or rubber ducky things.
Iceman: You look into how that works and then you go like, I’m interesting in Bluetooth hacking, how does that work? Then you go into like, okay, RFID or STR or sub gigahertz with mhz radio, garage, remote doors openers. You go into key fob systems with rolling codes and you understand how that work and how those attacks was. And you realize when you see the names of those people, when you’ve been around, you see those people, the good people who’d done all that stuff, you see them in many of those hacker projects across GitHub and you see them across all the talks on Defcon and black hat, and you realize, okay, so those are the ones who making the stuff.
Iceman: And then we have those who’s running the stuff, but it’s fun. So get yourself one. Yeah, for sure.
Chris: Yeah, I will, man. So you mentioned dangerous things and I was on their website and saw that they have chip implants. And I know that biohacking village and Defcon actually performs chip implants on site.
Iceman: Yep, they usually have.
Chris: I assume this is an RFID chip. So can you talk to the capabilities of that?
Iceman: It’s different. So normally you get different models of it. But if you want to do that, you want to do something that has a magic capability, like I said before. So you want a magic tag. Tag that can be programmed to become a complete clone of something else of your backups. So you want to have a low frequency. That’s the XT, they call it. I’m not quite sure on the nomenclature or the product names on dangerous things, but I can tell you the technology behind it, though. So that’s a t card, which I have one of those implanted.
Iceman: And then you would have an old Myfer classic s card, one k. That would be good. And then you have, in Yomi states, you have a lot of legacy iclass. There’s a legacy iclass implant you can do a little bit bigger and. Yeah, that would be the ones that’s available right now for you. That would be interesting. And then we have this vivo key that can do payments eventually when we get. Not following quite, because amal might be correcting me for this later on, I guess. But the vivo key is supposed to be able to make payments.
Iceman: That’s the biggest thing in the DT world, the dangerous things world, is to be able to pay with your hand or implants.
Chris: Interesting.
Iceman: That’s the holy grail of that world.
Chris: Can you do that now?
Iceman: No. Well, yes. No. Okay, let me explain that one a little bit better. So you cannot make a copy of a payment card. Let’s make that clear.
Chris: Okay.
Iceman: But you could, and people have done is that you can dissolve your payment card. If you dissolve your plastic card that you have, your payment card, you will see a chip and you will see an antenna, and then you will attach that chip to a much, much smaller antenna and coat it with biocoding so the body rejects it. And then you would implant your live chip with that new antenna in your skin. And that would be working as long as that card is valid.
Chris: Interesting. Okay, do you set off metal detectors or do you get questioned by the TSA when you go through an airport?
Iceman: Sir, spread your legs. Sir. I went to hospital to make an MRI or something like that. And they was like, do you have any like, oh, yeah, I do. Can you point it out where on your body you have it? It’s like, yes. So the MRI will pull in your implants, I guess, but it’s such a weak one that I have. I have only one. So it’s not a big issue. Apparently it’s worse if you have bigger metal piercings, I guess.
Chris: So where, in your opinion, is the future of RFID headed and what are you most excited about?
Iceman: See, two years ago I was a little bit depressed and I thought like, oh God, this is not going to happen. And then I had a serious think about it and I realized that the hackers today, they are so much ahead of a game that they have availability of tools, hardware tools, software tools that is so developed that wasn’t there ten years ago. They can do so much, much more. So whatever comes out today, they will have a really serious approach than being analyzed in how it’s going when it comes to RFID.
Iceman: The access control systems are going towards this secure communications between the door controller and the door reader in order to save secure that, but it’s already being attacked and analyzed. And given that, that would be something, that would be a next version of there of course, of that iteration of that protocol. When it comes to RFID tags, you still have the most secure ones. They most likely will produce a new model with even more crypto and running faster and all that stuff in order to secure complications.
Iceman: So you have data at rest and you have data in trans, in the air, and they will secure all of that stuff. So there are some really exciting stuff going on and it’s fun to hear it. And I think for the end user, if they want to be secure, I think they will enjoy it and they will have a more secure product. There’s a lot of things mixes over today. You have Bluetooth locks, you have IoT, and it’s all touches based with different ways of communicating. And RFID happens to be one way they’re communicating.
Iceman: And the hackers today is going to look into all aspects. We’re going to look into the cloud aspects, the APIs, we’re going to look into the hardware, we’re going to look into every part of it and try to analyze and attack that, and we will succeed most of the times. So for you, as an end user, I think for a person who likes to have implants and have a copy of things, I’m sad to say, all this will make sure that products are becoming more secure, so you will not be able to do that, because that’s contraproductive.
Iceman: So I hope that the vendors produce a way for people to actually make legal copies of things instead of locking you down and stuff like that. You’d be surprised. I was surprised when I saw that my wireless headset had RFID because easy configuration. I was surprised to see it in places I didn’t think there was. But okay. So for me, the world of RFID, it’s everywhere. It’s also in the supply chain.
Iceman: Here’s another thing. The proxmark and flipper can only do low frequency and high frequency. There’s another field, there’s another array of the frequencies that’s called the ultra-high frequency they use for RFID hacking as well, or supply chain luggage tags on airplanes. When you check in, all of that tracking in an industrial scale will also be looked at. And today, researching that, it’s kind of limited what I know, because it’s not been unified in a community yet, but everyone will look into it because it’s important.
Iceman: If you can fuck up tracking or logistics system for Amazon’s warehouse, then you have an issue. So it’s all part of that. It’s not just access badges.
Chris: Well, I have a feeling our listeners will be eager to hear more about you and your projects. Where can I point people to follow you or to reach out to know what’s the best way for them to connect with you online?
Iceman: Twitter, man. You can follow me on Twitter, and you can watch my YouTube channels. Please subscribe. And you most definitely have to head over to the proxmark or the RFID hacking by Sman Discord server. I’m pretty sure that you will make a link to it somewhere and feel free to join up there. And we are promoting learning. It’s not a how to clone place. You have to show an effort that you want to learn and understand how things are doing. That’s what we balance on.
Iceman: It’s a very thin balance edge that we have to do. We have to balance that edge in order to say we’re not just the cloners and share cloning things like toys to life people. If you’re interested in learning how to do things, the doors are open. But if you just want to clone something and get things done and get out of there, people is not going to help you out very much because usually people’s like, oh, I’m on a pen test, how do I do this?
Iceman: Well, you’re getting paid for that, so that’s your business. You should learn this before you can’t just come and think. You get some free support. But anyway, with that said, the discord. Definitely Twitter and YouTube. Yeah.
Chris: And tell me about Ice Dev.
Iceman: Ice dev. Oh, that’s my company is. Dev is one part of my company. Original? It’s called ISQL, but is Dev is one part of it. I’m going to offer trainings and consultations and hardware and software product development bespoken this year with that.
Chris: So since this is barcode, we need to start shutting down. I’m curious, in all of your travels, where is the best bar or coffee bar that you’ve ever been to?
Iceman: Oh, coffee bar. It’s two. It’s quite easy if you’re into coffee, which I like. My espresso. If you like coffee, there’s only one place in Europe that you really are. Well, it’s a whole country, of course, if you like it that much. But is one place that you need to go. It’s baritaliano. Baritalia in Soho. In London, you will have attitude bartenders giving you baristas giving you your espresso. And that espresso is the best damn espresso you can find in most of Europe. If you don’t go to Italy, of course, because then that will be topped.
Iceman: Anything in Italy is better than outside. When it comes to bar. The fanciest, fancy that I liked is a steampunk version idea of that in Singapore that had meters high walls covered with gins and different alcohols. Had a ladder up there and it’s like a steampunk. It’s really nice. I don’t know the name of it but that was rails. Could it be rails? Could it be?
Chris: I’m just looking up online.
Iceman: Let’s see. Atlas. Atlas. Atlas bar.
Chris: Okay.
Iceman: Atlas bar is the best team bar in the world. Yes, it is. Atlas bar. Yeah. So yeah, go for that one. If you’re ever in Singapore for black Cat Asia or whatever reasons, just pop off and you order some table at the Atlas bar in Singapore. That is a real treat to experience. It’s awesome. Really good.
Chris: So I just heard last call. Here, I got one more for you. If you opened a cybersecurity themed bar, what would the name be and what would your signature drink be called?
Iceman: I would say ice bar, but it’s already taken.
Chris: Yeah, you’re right.
Iceman: My ice bar would be funnier though. But I would say steamer would be also fun in that sense. But I’ll bring the heat up. But it would been a proper and decent gin tonic. That would be it. I do like my gin tonics. It’s a gentleman’s drink.
Chris: Okay. Yeah, I love gin and tonics too. So we’ll go ice bar, signature drink, gin and tonic.
Iceman: Yeah, a proper gin and tonic.
Chris: Proper gin and tonic. So what’s a proper gin and tonic?
Iceman: It has to be good alcohol, a great balance. You have to have great tonics. So you need to have a fever tree tonics that’s adapted to it. You need to have a proper English London dry gin, and you need to have it well cold, and some squeeze and twist of lemon in it. And that would be a proper gin tonic, nothing fancy, with black peppers and all that stuff, or a cucumber and all that. It is a cold drink and it’s a sophisticated drink for gentlemen to have.
Chris: Love it, man. You should do a commercial that sounds like an iceman bar commercial right there. You just did it. I’m sold.
Iceman: We better have one now. Next time I see you in the States, man.
Chris: Yeah, for sure, man. Next time you’re in the States, hit me up and we’ll catch up for A-G-T. Thanks so much for stopping by, man. It was great to talk to you and take care. Be safe.
Iceman: Thank you so much. Take care.