Hackers find a way to crack popular smartcard in minutes

RFID-enabled smartcards now can be far more easily, and cheaply, cracked than ever before

People are starting to wake up to the fact that RFID-enabled smartcards now can be far more easily, and cheaply, cracked than ever before, as a trio of young computer experts recently showed.

These are a particular type of processor-embedded cards, and are different from credit cards. The actual decryption work by the researchers was done on the widely deployed Mifare Classic wireless smartcard, now manufactured by a Philips spinoff, NXP Semiconductors. Decrypted, the cards can be counterfeited, and users' personal and bank data is exposed.

That card is the basis of such new systems as the Dutch OV-Chipkaart, being rolled out in The Netherlands as part of a multi-billion dollar nationwide transportation ticketing system, and the so-called CharlieCard, used in the Boston subway system. The decryption breach triggered a firestorm of controversy, and Dutch authorities apparently have halted the rollout and are investigating the vulnerabilities.

The card can be used in debit/credit transactions with the user's bank account. This personal and important data is encrypted on the Mifare Classic with a proprietary encryption scheme.

The newest attack was demonstrated at the 24th Congress of the Chaos Computer Club in Berlin last December. Interest in the study has been spreading steadily from the arcane world of security hackers. One of the researchers is Karsten Nohl, a graduate student in the University of Virginia's Computer Science Department, in Charlottesville, the other two are Henryk Plotz and "Starbug." The trio apparently demonstrated a practical and effective way to break the Mifare encryption key, confirming what many cryptographers had suspected.

The team used an inexpensive RFID reader to collect encrypted data, and then reverse-engineered the chip to figure out the encryption key to decipher that data. They examined the chip under an optical microscope and used micro-polishing sandpaper to remove a few microns of the surface at time, photographing each of the five layers of circuitry. Nohl wrote his own optical recognition software to refine and clarify the images, and then patiently worked through the arrangement of the logic gates to deduce the encryption algorithm, a task made possible by the fact that the Mifare Classic relies on a secret key of no more than 48 bits.

"Regardless of the cryptographic strength of the cipher, the small key space therefore permits counterfeiting of any card that is read wirelessly," the team wrote in a follow-up statement issued on January 8. "Knowing the details of the cipher would permit anyone to try all possible keys in a matter of days," the researchers noted. "Given basic knowledge of cryptographic trade-offs and sufficient storage, the secret keys of cards can be found in a matter of minutes."

The Dutch transit system actually uses two other types of tickets or cards, and both have been successfully attacked by other researchers.

Nohl and his colleagues noted that other types of Phillips RFID tags, such as the Hitag2+ and Mifare DESfire, are not affected by their findings.

RFID security concerns have become pronounced over the past year or so, as hackers and researchers make more concerted efforts to understand the vulnerabilities. In mid-2007, one team used readily available RFID gear to read the Electronic Product Code data on tagged boxes loaded on a tractor-trailer. A year earlier, another group raised the specter that RFID tags could be infected with computer viruses.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Cox

Network World

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest News Articles

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?