Researchers and students of the digital
security department of the Radboud University Nijmegen (RUN) in the
Netherlands have discovered what they term a “serious flaw” in the
Mifare Classic contactless smartcard.
This claim has brought a fierce reaction from
Mifare Classic’s developer, Netherlands-based NXP Semiconductors,
which sought but failed to obtain court intervention to prevent the
researchers from making a full public disclosure of their
findings.
The university’s concerns first surfaced in
March this year and followed a similar claim made by German
researchers Karsten Nohl and Henryk Plötz in December 2007.
If the two research groups’ claims prove
well-founded, security of the world’s most popular radio frequency
identification smartcard would be called into serious
question.
With about 1 billion units in use, the Mifare
Classic contactless smartcard commands a 70 percent global market
share, according to NXP.
Used in a wide range of applications, the card
has been particularly successful in public transport, where it
accounts for 80 percent of all electronic tickets. Major
contactless transport ticketing projects that have deployed the card
include those in London (Oyster), the Netherlands (OV-chipkaart),
Boston (Charlie Card) and Beijing (One Card).
According to the RUN digital security
department, its researchers found weaknesses in the authentication
mechanism of the Mifare Classic.
In particular, the researchers were able to
reconstruct the card’s CRYPTO1 encryption algorithm “in detail” and
discovered “a relatively easy method to retrieve cryptographic
keys, which does not rely on expensive equipment”.
“By combining all these ingredients together we
succeeded in mounting an actual attack, in which a Mifare Classic
access control card was successfully cloned,” they added.
The researchers added that, at the technical
level, there are currently no known countermeasures. Although
shielding cards when they are not in use reduces the
risk of an attacker secretly reading a card, when the card is
being used it is still possible to eavesdrop on the communication
with a hidden antenna near the access point, the researchers
stressed.