NXP RFID Cracked
kamlapati sends us to EETimes for news that the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip, NXP's Mifare Classic. According to the article the device is used in many contactless smartcard applications including fare collection, loyalty cards, and access control cards. NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.
What sort of security implications would this hack cause?
Is this simply lowering the security down to the same level as a barcode but with radio transmission?
Since RFID needs close proximity to be read, I'm TOO concerned.
It'd be pretty noticeable if someone had a high powered RFID antenna/reader - if they were trying to move it.
But, since it would be easy to install a modified high power RFID reader in a convenience store stand, near a window or in a mailbox on a street corner, this could become a problem.
I guess it means that I'll be wearing tinfoil pants as well as a hat, to keep THEM from reading my mind, and my credit card. And password. And the chip in my dog.
Is this the same hack that theregister.co.uk reported over two weeks ago?
(So no, I didn't RTFA.) The Tube in London and the Boston MBTA subway use Mifare.
(*I am not actually interested in hacking my fare card, as such an action is not only unethical and wrong, but seems risky. And the transit fares I pay are dwarfed by my rent anyway...)
The World Wide Web is dying. Soon, we shall have only the Internet.
Now prepare to be sued under the DMCA.
I don't doubt for a minute that NXP does a much better job on security these days. But based on past performance, you can bet a lot of the old ones are still floating around, and will be for a long, long time to come.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Yep, it's a bit out of date but still worth a look if you haven't seen it. Free transport FTW! This link has an hour long lecture/display of the processes used: http://www.hackaday.com/2008/01/01/24c3-mifare-crypto1-rfid-completely-broken/
Those who can, do. Those who cannot, sue.
c'mon, Slashdot....this was reported all over the place a few weeks ago!
This is why RFID is bad. It gets hacked, the banks and credit card companies ignore it and claim it is secure. Wait a week or two and repeat.
Sure it MIGHT be slightly more convenient, but I would rather take the 3 seconds to swipe the card and not have to deal with fraud and identity theft which will take up more time.
RFID is a terrible concept, but at the very least they should make cards with an off switch.
Next hackers to try the new stuff in 3... 2.... 1...
H4x0r3d !! All your code are belong to us!
Seriously, I know they need to try, but personally I don't think they ever try hard enough. Mostly this is due to the convenience of not having to generate millions of keys and other such secure ideas. Sometimes I wonder why they try to make it cheap instead of just trying to make it safe? To save a couple of bucks per device? Security is not cheap or easy. Period. Ever.
Support NYCountryLawyer RIAA vs People
What is going on? Why aren't there any April Fools' posts? From omgponies to this? Is something broken or is the joke on me? I didn't see some obvious ones so I submitted them, yet still not posted. I'm sooo confused.....
This very same hack, of the NXP Mifare Classic, was widely published in the Dutch media about a month ago. Only it was first done by students of the Radboud University of Nijmegen, who set out to prove that the encryption of the new smart card system to be used on all of Holland's public transport system, using the Mifare Classic, was insecure. They wildly succeeded: the issue led to lots of debate in parliament and possible postponing of the whole (horrible) idea.
Link in Dutch: http://tweakers.net/nieuws/52381/mifare-chips-eenvoudig-volledig-te-kraken.html
kamlapati sends us to EETimes for news that the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip,
Dammit - that's the second time this week I've scanned the story too fast and wondered why on earth a German Computer Chess Club cared so much about internet security...
I just moved into an apartment building that uses a card to access the lift. The sensor is at shoulder height so I can't just hip-swipe it.
Digging this card out every time I want to go home is annoying me tremendously. It's hard to fish it out of my pocket when I am carrying other stuff, and often ends up sending bits of cash flying everywhere.
Additionally, the building charges US$50 (nonrefundable) for a spare card, so when we have houseguests, we end up playing all kinds of games to make sure everyone can get back in from wandering around.
I would love to copy the RFID element onto a keyfob like I have for the office, so I can just dig out my keychain - easy to find, easy to retrieve from a pocket - instead of a big flat card. Is this a service anyone offers, or is it something I can do on my own with the right equipment (preferably $50 of course)?
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.
...except that more than half of the world's largest transit systems use MiFare Classic- they're all truly fucked, and it wouldn't surprise me if the mafia are already cloning/selling counterfeit cards, especially in Asia. Also, apparently in some countries MiFare Classic cards are as prevalent as HID Proxcards are in the US for building access.
Also, for those of you claiming read distance is enough protection- sure, the reader on the bus can only read your card at an inch or two. Well, see- there are commercial solutions that can do much more. HID, for example, makes a one-foot-square reader capable of reading proximity cards at a distance of over a foot, sometimes almost two feet. Antenna size (for receiving the card response) and power levels (for energizing the card) are all that matter here, really.
Now, think about how close you get to people as you board a bus and grab a seat at the back- how many pocketbooks and wallets you can easily come within a foot (or less.) Now think about how big an antenna you could put in a bookbag or briefcase...
Please help metamoderate.
about 30-90 meters with line of sight.
That's right. Science. We have reached the point where we might have to send a technician out to do a firmware update on *a crate of soup*.
"Oh, no, sonny. That there pallet's running v1.47a -- the cyberinjuns cracked that dekacycles ago. Hardly know what's in there now. Could be tomato, could be chicken noodle. Send that back on the factory. We'll get you some nice v1.49 soup out here. Won't be half a cycle."
Yahoo! Pipes are awesome. How awesome? http://pipes.yahoo.com/jesdynf/slashdot
I used to work for a large company that deals with transit smart card applications (including Mifare Classic) and, despite the other flaws in the system, one thing they did do was encryption on the updated buffer they sent back to the card if they thought the card encryption was too weak. So not only do you have the card encryption, you also have encryption of the data going onto the card and keyed secure hashes to ensure it hadn't been modified by a 3rd party even if the other 2 layers of encryption were broken.
Can't speak for other manufacturers, but ours were secured up the ying-yang.
Microwatt transmitters are routinely read at distances of dozens or hundreds of kilometres 1, 2. I don't see why a quarter milliwatt RFID chip couldn't be read from similar distances.
When our name is on the back of your car, we're behind you all the way!
Although the eetimes article in the link says the encryption was broken easily, the way they developed the attack does not seem to be easy in any sense of the word. They analyzed the chip using high powered microscopes and slicing off layers to analyze the gates involved in the encryption. If that's considered "easy", then I'd sure like to see what eetimes considers "hard".
Why not disallow hammering? I mean have the chip block attempts more than once per 30 seconds. In a bus pass system I cannot see this being a problem. Or better yet, have it beep when it gets read. I'd love to see someone trolling for a pass and 60 people's cards beep. This of course would solve the pass system only, not shipping or w/e, but they don't use it in a security-intensive system (usually).
Forget the soup!
Can they read the chip on my shoulder?
While your mag-stripe system was the dumbest in existence and completely disconnected, most of these RFID systems don't just keep info on these cards, there also is the central system, which is the authoritative repository. This is how they do re-charging over the internet (like you can do with Oyster in London) or replacing lost cards.
A cracked card may well work on disconnected readers that synchronize at intervals but when this sync occurs it will be easy to detect fraud. That can disable the card and while some very savvy people can constantly fake a new one for every trip, there won't be the possibility of selling pre-paid cards with lots of credit to the public at large. Also, the time stamp of when the card was used can be correlated with CCTV footage. Smile!
Somehow I don't think cracked cards are going to be a major hassle for transit systems.
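An added example, not code from any poster or vendor, of the back-end layer the two comments above describe: the keyed secure hash over the data written back to the card (mentioned a few comments up) and the central authoritative ledger that catches a cracked or cloned card at sync time (this comment). It assumes a constructed master key, HMAC-SHA256 as the keyed hash with per-card key diversification, and a monotonic trip counter alongside the balance; the UID and amounts are constructed.

```python
import hashlib, hmac

MASTER_KEY = b"constructed-demo-master-key"   # constructed; a real back-end keeps this in an HSM

def card_key(uid: bytes) -> bytes:
    """Diversified per-card key, so recovering one card's key does not expose the whole fleet."""
    return hmac.new(MASTER_KEY, b"card-mac|" + uid, hashlib.sha256).digest()

def record_mac(uid: bytes, balance: int, counter: int) -> bytes:
    """Keyed hash (truncated HMAC-SHA256) over the stored value and the monotonic trip counter."""
    payload = uid + balance.to_bytes(4, "big") + counter.to_bytes(4, "big")
    return hmac.new(card_key(uid), payload, hashlib.sha256).digest()[:8]

def seal_record(uid: bytes, balance: int, counter: int) -> dict:
    """The record the back-end writes to the card: a copy of the ledger state plus its MAC."""
    return {"uid": uid, "balance": balance, "counter": counter, "mac": record_mac(uid, balance, counter)}

class Backend:
    def __init__(self):
        self.ledger = {}   # central authoritative copy: uid -> (balance, counter)
    def issue(self, uid: bytes, balance: int) -> dict:
        self.ledger[uid] = (balance, 0)
        return seal_record(uid, balance, 0)
    def sync(self, rec: dict, fare: int):
        """A reader uploads a tap. Returns (verdict, fresh record to write back or None)."""
        uid = rec["uid"]
        if not hmac.compare_digest(record_mac(uid, rec["balance"], rec["counter"]), rec["mac"]):
            return "REJECT_BAD_MAC", None        # card contents edited without the keyed hash
        if uid not in self.ledger:
            return "REJECT_UNKNOWN_CARD", None
        balance, counter = self.ledger[uid]
        if (rec["balance"], rec["counter"]) != (balance, counter):
            return "REJECT_STALE_COPY", None     # rollback, or a clone of an older card image
        if balance < fare:
            return "REJECT_INSUFFICIENT", None
        self.ledger[uid] = (balance - fare, counter + 1)
        return "OK", seal_record(uid, balance - fare, counter + 1)

def demo() -> list:
    """Constructed walk-through: a valid tap, then the pre-trip image replayed, then an edited balance."""
    backend = Backend()
    uid = bytes.fromhex("04a1b2c3")                # constructed 4-byte UID
    original = backend.issue(uid, 500)
    clone = dict(original)                         # bit-for-bit copy taken before the trip
    verdict1, fresh = backend.sync(original, 150)
    verdict2, _ = backend.sync(clone, 150)         # ledger has already moved on: flagged
    forged = dict(fresh, balance=99_999)           # MAC no longer matches: flagged
    verdict3, _ = backend.sync(forged, 150)
    return [verdict1, verdict2, verdict3]           # ['OK', 'REJECT_STALE_COPY', 'REJECT_BAD_MAC']
```

A disconnected reader can still be fooled until its next sync, which is the window the comment concedes; what the ledger removes is the ability to mint pre-paid cards that keep working.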
I wouldn't use them for access to secure areas, but then again, the majority of building access is still done by very dumb 125 kHz HID Prox cards that are not encrypted at all.
Put your antenna in a van, with your power hungry amplifier, then put a hole in the van before the antenna, and put some material which is transparent to that frequency, but opaque to normal sight. Park your van in LOS of what you want to check out. Naturally this works only in the street, but that should open up some nice applications.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
You have to power the thing from the RFID reader to get a synchronized and readable signal. If you're going to design an RFID reader powerful enough to charge up an RFID tag from hundreds of kilometers, can I get you to run it past the designers of the hadron supercollider to make sure you're not generating micro black holes that will devour the Earth?
More seriously, if you trigger one RFID tag at that range, you're going to trigger every other tag in the beam of your reader. Sorting out that noise isn't going to work well at dozens of kilometers range, even if the power involved doesn't cook any birds flying overhead.
Hello Kittified tinfoil hats for your RFID cards.
To clarify a few things. First of all this has been known for a few months. The earliest mention I saw was December 29, 2007: MiFare's CRYPTO1 algorithm mostly reverse-engineered. More information, including a slide show, is presented in this January 1, 2008 post: Mifare crypto1 RFID completely broken
Quick background: NXP (Philips) creates a line of smart cards called "Mifare" based on proprietary protocols, including the CRYPTO1 cipher (undocumented, proprietary). There are a lot of Mifare cards deployed, and there is a huge element of security through obscurity especially if you rely on proprietary protocols, such as CRYPTO1 algorithm.
This research, as linked above (and posted in this slashdot article... old news) shows that CRYPTO1 stream cipher is horribly broken, based on a terribly insufficient random number generator. Besides busting this example of security through obscurity, the target technology is actually deployed in a very wide range of uses. Meaning, this attack has many real world consequences.
...because the crack was already done a few months ago - I think the referred article only just picked it up
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
The announcement of a new stronger card format for Mifare cards didn't come as much of a surprise after they announced that Mifare was 'crackable'. However, the demo and explanation of how they cracked it is somewhat dubious. What I mean by this is that the cards have several data size formats but each card has a number of data sectors with read/write keys. These keys can be the same or they can differ, i.e. one RW pair for each memory block. They've cracked one sector with one RW key, but not all. Thus cloning cards will still be near impossible - yes, I know this is relative in computing terms.
I've seen a lot of very uninformed comments on 'high gain antennas'
MiFare is a 13.56 MHz system (ISM band), that uses H-field coupling (i.e. near-field magnetic coupling) in a loose transformer-coupled arrangement.
The near field attenuates at 1/r^3, and as a rough guide you can read this type of tag to about 1.5 x loop diameter.
At 13.56 MHz, you can only make the antenna so large before the inductance of the antenna makes it impossible to resonate.
We in fact have a complex stub-tuned antenna of about 1 m diameter, and that was difficult.
Another problem is that you have to start pumping out so much power, it becomes extremely difficult to see modulation on the carrier above the TX noise.
Now that said, it sounds like NXP (who have one of the worst web sites on the net), are in deep doodoo.
The reason is that MIFARE has huge rollouts in transportation systems, especially in Asia, and these cards contain real monetary value.
System integrators are now going to have to put extra work into either live back-to-central-database checking (which will be hard on mobile platforms like buses), or upgrade systems to the Triple DES encrypted (and more expensive) cards.
I can't wait until the RFID systems in place for government issued passes and such are cracked, too.
Destroy their usefulness... ALL OF THEM.
You should do it, then, and make a name for yourself. The maximum range that anyone has been able to communicate with these chips is about three meters, and that in a carefully-controlled, RF-damped lab environment[*].
Part of the thing that makes it so difficult is that the card is powered by inductance from the reader's field. Since power delivered to the card decreases with the cube of distance, this means that as range increases the power requirements go up dramatically. Another part of the problem is that the signal transmitted by the card is very weak and omnidirectional. While the reader can use a directional antenna to increase the effective range at which it can deliver sufficient power and a strong signal, the card does no such thing, meaning its signal rapidly falls below the noise floor as the distance increases.
[*] There are some papers floating around that demonstrate ability to communicate with a contactless smart card from arbitrary distances, but they do it by putting a powered repeater right next to the card.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
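Both the near-field post above and this one argue from the 1/r^3 falloff. An added example, not code from either poster: it evaluates the on-axis magnetic field of a circular reader loop, H(r) = N*I*a^2 / (2*(a^2 + r^2)^(3/2)), which is roughly flat inside the loop and falls as 1/r^3 beyond it, and shows how the drive current and power needed to keep a card at the ISO/IEC 14443-2 minimum operating field (1.5 A/m) scale with distance. The loop size and distances are constructed.

```python
import math

H_MIN_A_PER_M = 1.5   # minimum operating field for a 13.56 MHz proximity card (ISO/IEC 14443-2)

def h_field_on_axis(current_a, turns, loop_radius_m, distance_m):
    """H (A/m) on the axis of a circular loop of N turns carrying I amps.
    H(r) = N*I*a^2 / (2*(a^2 + r^2)^1.5): nearly constant for r < a, then 1/r^3
    once r >> a, which is the near-field attenuation quoted in the thread."""
    a2 = loop_radius_m ** 2
    return turns * current_a * a2 / (2.0 * (a2 + distance_m ** 2) ** 1.5)

def current_needed(turns, loop_radius_m, distance_m, h_required=H_MIN_A_PER_M):
    """Loop current (A) that puts h_required A/m at distance_m; H is linear in I, so scale from 1 A."""
    return h_required / h_field_on_axis(1.0, turns, loop_radius_m, distance_m)

def power_ratio(turns, loop_radius_m, near_m, far_m):
    """Extra drive power the same loop needs at far_m versus near_m (P ~ I^2 for a fixed loop).
    Power coupled into the card falls with H^2, i.e. 1/r^6 in the outer part of the near field."""
    return (current_needed(turns, loop_radius_m, far_m) / current_needed(turns, loop_radius_m, near_m)) ** 2

def optimal_loop_radius(distance_m):
    """Radius that maximises H at distance_m for a fixed current: dH/da = 0 gives a = sqrt(2) * r.
    A larger loop than this does not help, quite apart from the inductance/resonance limit."""
    return math.sqrt(2.0) * distance_m

def range_table(turns, loop_radius_m, distances_m):
    """(distance, current, power multiplier vs. the first distance) for each entry."""
    return [(d, current_needed(turns, loop_radius_m, d),
             power_ratio(turns, loop_radius_m, distances_m[0], d)) for d in distances_m]

if __name__ == "__main__":
    # Constructed reader: a single-turn loop 10 cm across (a = 5 cm), roughly turnstile-reader sized.
    for d, amps, mult in range_table(1, 0.05, [0.05, 0.10, 0.30, 1.0, 3.0]):
        print(f"{d:5.2f} m: {amps:10.3f} A   power x{mult:14.0f}")
```

Going from 5 cm to 1 m with that loop multiplies the required current by roughly 2800 and the power by roughly 8 million, which is the quantitative form of the point both posts make.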
A couple of very important clarifications to make your claims more accurate.
1. In the smart card industry, Mifare isn't categorized as a smart card. A smart card typically has an operating system running on it so one can create their own on-card applications. The cards provide RSA crypto functions (low end have AES only) with a strong emphasis on secure storage measured in a few Kbytes. This is different than Mifare.
2. Mifare can be categorized as a single purpose card. It does a few things quickly and is not as secure as a smart card. The primary application for MiFare is quick and cheap authentication and possibly value transfer measured in a dollar or two.
In theory the crack could be used to steal subway rides. How do you go about figuring out which systems are still on this card version??? And how much are you stealing? The bigger crack that's already been done is stealing gas with a dynamic PayPass. With both cracks no one is getting rich and the systems are not as compromised as the summary would have you believe.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Excellent.
So instead of the pesky kids getting free London bus travel, the geeks in their 30s who've been paying over the odds for years can go free on the Tube!
Nice one.
I've read one of these cards from over a mile away.
Unfortunately my gigawatt Tesla coil killed everyone within 40 feet.
I don't know about angles, but it's fear that gives men wings. -Max Payne