RFID Security

Contributed by Joanne C. Kelleher

Karsten Nohl, the researcher and hacker who almost two years ago declared that Mifare was insecure, will be speaking at the January RFID Security Alliance meeting and recently made two presentations at the 26th Chaos Communication Congress (CCC) conference – http://events.ccc.de/congress/2009/Fahrplan/speakers/1317.en.html . 

These CCC presentations have received some widespread press.  One was about cloning the radio frequency IDs from the “Prime” product line of Swiss manufacturer Legic. The second divulged cell phone encryption codes, see the NY Times article at http://www.nytimes.com/2009/12/29/technology/29hack.html?_r=1&scp=1&sq=karsten%20nohl&st=cse .

If you want to see Karsten’s slides from his talks about these 2 hacks, you can find them here:

• Cloning RFID from Legic: http://events.ccc.de/congress/2009/Fahrplan/events/3709.en.html. This was especially interesting to see the process they went through to try and break the cards.
• Cell phone Encryption Codes: http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html

Karsten will be leading a discussion about Mifare and several other types of ‘secure’ RFID which have been broken at the January 13, 2010 RFID Security Alliance meeting, which can be attended live in California or via phone. For more details about this meeting see http://rfidsa.blogspot.com/2010/01/karsten-nohl-to-discuss-hacking-mifare.html.