More on the Mifare Hacks
Contributed by Joanne C. Kelleher
Over one billion of MiFare Classic chips are used worldwide, including in many access control keys, governmental security systems and transportation or subway passes cards such as London’s Oyster card, Boston’s CharlieCard, and the planned OV-Chipkaart in Netherlands. Last month I covered the story of how the MiFare security had been breached by two different teams and the reaction from the security community and NXP Semiconductors, see “Mifare Hacks And Risk Assessments” – http://www.securerf.com/RFID-Security-blog/?p=46. Research related to this hack continues.
Karsten Nohl, one of the computer science graduate students behind reverse-engineering MiFare security, said on Tuesday at EuroCrypt, an international cryptography conference in Istanbul, that it now takes only 12 seconds to recover the key on a MiFare Classic card on an ordinary laptop. Last month this was estimated to be a few hours.
“There is no need for the attacker to interact actively with the physical card itself. Passive eavesdropping suffices; the attack can take place from a distance. A passive attack from 10 meters away would take a little bit longer than an active attack, Nohl said — about 200 seconds. The attack works for any random number generator; it also works against the Crypto-1 cipher in the beefed-up MiFare Plus card.”
Computerworld
MiFare RFID crack more extensive than previously thought – Seconds, not hours, to effect; plus version tappable too
http://computerworld.com/action/article.do?command=printArticleBasic&articleId=9078038
“Last weekend, researchers of the University College London and the University of Virginia reported that they were also able to recover the algorithm. The researchers recovered the full 48-bit key in 200 seconds on a single PC.”
The Register
Dutch transit card crippled by multihacks
http://www.theregister.co.uk/2008/04/16/dutch_transit_card_crippled/
“A panel of experts from the Information Security Group (ISG) at Royal Holloway, University of London, led by the ISG Smart Card Center (SCC), recently reviewed the findings of the TNO, which reported on the security of the MiFare Classic chip used in the OV-Chipkaart. The panel ultimately suggests that the Dutch Government replace the cards because of severe failings with security.”
The Tech Herald
Replacement suggested for NXP chips used in OV-Chipkaart
http://www.thetechherald.com/article.php/200816/701/Replacement-suggested-for-NXP-chips-used-in-OV-Chipkaart
I’m not surprised to see that the MiFare can be attacked from a distance, which is one of the benefits of using RFID. But, the Computerworld article is the first place I’ve seen that this attack also works against the newly announced, but not yet available, MiFare Plus card.
Ride free or not at all: London’s Oyster card hacked at RFID Security on 24 Jun 2008 at 9:34 am
[...] to crack the Mifare Classic card from NXP (see http://www.securerf.com/RFID-Security-blog/?p=46 and http://www.securerf.com/RFID-Security-blog/?p=53 ), Dutch security researchers were able to hack and clone London’s Oyster card and ride the system [...]
NXP Injunction Against Mifare Hacking Report is Denied at RFID Security on 18 Jul 2008 at 2:23 pm
[...] that publishing the report is ‘irresponsible’. Details about the Mifare hack are at http://www.securerf.com/RFID-Security-blog/?p=53 and [...]
Hello? Democracys calling! « vorblog on 14 Nov 2009 at 7:12 am
[...] really is a reason for major concern. It’s not just that RFID is extremely unsafe (see here, here, or here), it also raises serious privacy concerns, e.g.: Every single move can be tracked even [...]
Hello? Democracy’s calling! (Update) « vorblog on 29 Dec 2009 at 3:35 pm
[...] really is a reason for major concern. It’s not just that RFID is extremely unsafe (see here, here, or here), it also raises serious [...]