RFID-hack hits 1 billion digital access cards worldwide

Criminals can use the hack to create copies of building access keys or commit identity theft

The Dutch government has issued a warning about the security of access keys that are based on the widely used Mifare Classic RFID chip.

Government institutions plan to take "additional security measures to safeguard security, " Guusje ter Horst, minister of interior affairs, wrote in a letter to the Dutch parliament this week.

NXP developed the Mifare Classic RFID (radio frequency identification) chip, which is used in 2 million Dutch building access passes, said ter Horst. One billion passes with the technology have been distributed worldwide, making the security risk a global problem. A spokesperson for the ministry told Webwereld, an IDG affiliate, that it had not yet notified other countries.

The warning comes in a week when two research teams independently demonstrated hacks of the chip's security algorithm.

On Monday, German researchers Karsten Nohl and Henryk Plotz, who first hacked parts of the chip last December, published a paper demonstrating a way to crack the chip's encryption technology. The duo declined to publicly demonstrate their hack. "We want to start a discussion first, allowing people to adjust or abandon their systems," Nohl told Webwereld last week. He added that he would provide a demonstration before June.

On Wednesday, Bart Jacobs, an information security professor at the Radboud University in Nijmegen, demonstrated a hack of the chip's security encryption. Jacobs had notified the security service prior to going public, which has since confirmed the hack. A video demonstration of the hack is scheduled for publication on Wednesday.

Criminals can use the hack to clone cards that use the Mifare Classic chip, allowing them to create copies of building access keys or commit identity theft.

The chip is used in payment systems worldwide, such as the Oyster Card in the UK and the CharlieCard that is used in Boston. Both offer payment systems that allow for wireless transactions.

In the Netherlands, the Mifare Classic chip has been at the center of a national controversy since Nohl and Plotz first published their findings at the Chaos Computer Camp in Berlin last December.

The chip is the basis of a national proof-of-payment system for public transport. A recently published government-issued study by the Netherlands Organization for Applied Scientific Research dismissed the potential security threat, claiming that hackers would take at least two years to crack the security codes.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tom Sanders

WebWereld Netherlands
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?