NXP Injunction Against Mifare Hacking Report is Denied
Contributed by Joanne C. Kelleher
NXP Semiconductors took researchers at Radboud University in Nijmegen to court in an attempt to stop them publishing their controversial report on the security aspects of the Mifare Classic chip. Over one billion of MiFare Classic chips are used worldwide, including in many access control keys, governmental security systems and transportation or subway passes cards such as London’s Oyster card, Boston’s CharlieCard, and the planned OV-Chipkaart in Netherlands. NXP spokesperson Martijn van der Linden told Dutch news site Webwereld that publishing the report is ‘irresponsible’.
Details about the Mifare hack are at http://www.securerf.com/RFID-Security-blog/?p=53 and http://www.securerf.com/RFID-Security-blog/?p=46.
Last week, Karston Nohl, a computer science graduate students who also reverse-engineering MiFare security said “My opinion, [on the lawsuit, is that] NXP probably made the worst possible decision by suing academic researchers. Not only do they have no legal case whatsoever, because all the results were legally obtained through reverse engineering with no help from NXP. They also take away any trust that has existed between researchers and NXP before.”
The Dutch court has just ruled against NXP’s injunction and has allowed the researchers to move forward with publishing their report.
“This requires a balancing of interests,” the court stated. “It should be considered that the publication of scientific studies carries a lot of weight in a democratic society, as does informing society about serious issues in the chip, because it allows for mitigating of the risks.”
“Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings,” the court said.
I’m glad to see that the ruling went this way. To stop researchers from publishing the results of their work that shines poorly on the decisions made by large corporations is a bad precedent.
NXP to sue researchers over Mifare chip ‘hack’
EE Times
http://eetimes.eu/germany/208803312;jsessionid=ALPCJ1REV2QVCQSNDLPCKH0CJUNN2JVNNohl: NXP making ‘terrible decision’
Contactless News
http://www.contactlessnews.com/news/2008/07/10/nohl-nxp-making-terrible-decision/Dutch courts OKs publishing how to hack NXP chip
Guardian
http://www.guardian.co.uk/business/feedarticle/7661637NXP denied in court against Dutch security researchers
EE Times
http: showArticle.jhtml?articleID=”209101132
Bookmarks about Hacking on 07 Oct 2008 at 8:30 pm
[...] – bookmarked by 2 members originally found by Jordanizfoine on 2008-09-19 NXP Injunction Against Mifare Hacking Report is Denied http://www.securerf.com/RFID-Security-blog/?p=67 – bookmarked by 4 members originally found by [...]
Got $250? Cloning Electronic Passport Cards at RFID Security on 04 Feb 2009 at 9:57 am
[...] As we get closer to this convention it will be interesting to see if Paget is allowed to give this presentation. Researchers who have planned to discuss how they hacked RFID have been stopped in the past by legal maneuvering. In August the Massachusetts Bay Transit Authority was successful in obtaining a temporary 10 day injunction against three MIT students preventing them from giving the planned presentation at DEFCON about how they hacked the CharlieCard which is based on the Mifare Classic card from NXP. See A Quiz on Hacking Transportation Cards. A similar injunction was requested by NXP against researchers at Radboud University in Nijmegen. See NXP Injunction Against Mifare Hacking Report is Denied. [...]