Lotusphere RFID hacked

Tags :

Well there is not much surprise I hope.  Using a little hobby of mine with some RFID books and kits, I was able to pull apart the RFID tags from Lotusphere and see what they stored.  You know most of the stuff as you supplied it right to them.  Anything you put on the registration was on the tag:

  • badge id number
  • name
  • address
  • title
  • phone number
  • email address
  • primary industry
  • job level
  • number of employees
  • company need
  • attendee type

So then it all gets put into a database when we walk through the scanner.  If you poked in and out of a session, it grabbed you both times.  I can't quite see how Lotus could tell when someone was leaving versus coming in during that time of change between sessions, so there must be some form of cutoff.  So have no fear, I am watching you  :-)