October 6th, 2008

RFID Smartcard Vulnerability Published, Allows Anyone To Crack It In Minutes Using Inexpensive Tools

Details of a vulnerability in the world’s most widely deployed radio frequency identification (RFID) smartcard were finally published Monday. The smartcard is used to control access to many transportation systems, military installations, and other restricted areas, and it can be cracked in a matter of minutes using inexpensive tools.

The first of the two papers on this issue was published by researchers from Radboud University in Nijmegen, Netherlands. It describes in detail how to clone cards that use the Mifare Classic chip. The chip is used widely throughout the world, including in London’s Oyster Card, Boston’s Charlie Card, and briefly by a new Dutch transit card.

Manufacturer NXP and the Dutch government had tried in vain to prevent the researchers from disclosing their findings, arguing that the findings would enable abuse of security systems that rely on the card. In July, a Dutch judge rejected the request and allowed the researchers to publish their paper. It is titled "Dismantling MIFARE Classic" and was released at the European Symposium on Research in Computer Security (Esorics) 2008 conference in Malaga, Spain.

The paper came the same day that Henryk Plötz, a PhD student at Humboldt University in Berlin, published a document that includes the full implementation of the algorithm used in the Mifare Classic. The two documents combined mean that virtually anyone with the time and determination can carry out the attacks, and that anybody can now verify the weakness independently.

Over the past six months, many organizations that rely on the Mifare Classic have upgraded their systems, but there are systems used by government agencies or large multinational companies that have been unable to make the necessary changes because of the logistical challenges of issuing new badges to employees.

The main flaw in the Mifare Classic is a proprietary encryption scheme dubbed crypto1. It contains a weakness that causes it to produce outputs that are so cryptographically weak that attackers can guess the key in a matter of minutes. All that’s required is an RFID reader, a modest-strength PC, and about 10 minutes. NXP has said it has sold about 2 billion Mifare Classic cards.

The Radboud researchers have already used the discovery to clone Oyster cards and adjust the amount of credit stored on the pre-pay card. Separately, students at the Massachusetts Institute of Technology claim to have found gaping holes in the Charlie Card used to collect fares for the Boston subway.

NXP Semiconductor has downplayed the significance of the flaw, saying the card alone should not be relied on for secured access to buildings and other restricted areas. A more robust card made by the company, the Mifare Plus, can use the so-called Advanced Encryption Scheme (AES), a time-tested algorithm that is widely believed to be secure.
