NXP RFID Cracked
kamlapati sends us to EETimes for news that the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip, NXP's Mifare Classic. According to the article the device is used in many contactless smartcard applications including fare collection, loyalty cards, and access control cards. NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.
I don't doubt for a minute that NXP does a much better job on security these days. But based on past performance, you can bet a lot of the old ones are still floating around, and will be for a long, long time to come.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
This is why RFID is bad. It gets hacked, the banks and credit card companies ignore it and claim it is secure. Wait a week or two and repeat.
Sure it MIGHT be slightly more convenient, but I would rather take the 3 seconds to swipe the card and not have to deal with fraud and identity theft which will take up more time.
RFID is a terrible concept, but at the very least they should make cards with an off switch.
I think there is an old quote that goes something like "we were given 2 minds but only enough blood to run one of them at a time"
--- You shall know the truth, and the truth shall make you mad- Neal (not Cowboy) Boortz
NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.
...except that more than half of the world's largest transit systems use MiFare Classic; they're all truly fucked, and it wouldn't surprise me if the mafia are already cloning/selling counterfeit cards, especially in Asia. Also, apparently in some countries MiFare Classic cards are as prevalent as HID Proxcards are in the US for building access.
Also, for those of you claiming read distance is enough protection: sure, the reader on the bus can only read your card at an inch or two. Well, see, there are commercial solutions that can do much more. HID, for example, makes a one-foot-square reader capable of reading proximity cards at a distance of over a foot, sometimes almost two feet. Antenna size (for receiving the card response) and power levels (for energizing the card) are all that matter here, really.
Now, think about how close you get to people as you board a bus and grab a seat at the back, and how many pocketbooks and wallets you can easily come within a foot (or less) of. Now think about how big an antenna you could put in a bookbag or briefcase...
Please help metamoderate.
that depends on if you are lawful good or lawful chaotic
Don't worry, NXP sells a new improved RFID chip with better encryption. I'm sure they'll make lots more money as a result of this as all these places using the older chips rush to upgrade.
I guess making the encryption barely good enough is a nice way to ensure you get future orders. Their customers can upgrade for a moderate fee or spend a hell of a lot more to go elsewhere.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
Implications: The Philips/NXP proprietary CRYPTO1 stream cipher is broken. This means that any card which relies on this algorithm to encrypt data being transmitted, can have that encrypted data compromised. It appears that the keys can also be compromised, so the whole card can be "cloned". This compromises the essence of the smart card, which is not supposed to be reproducible because private keys are supposed to remain secret. If the card in question was an access card to a corporation's secure facilities (and Mifare is very much used for such things) then these access cards can now easily be copied, cloned.
... and where CRYPTO1 is being used to protect sensitive data.
I don't think that CRYPTO1 use is limited to contactless (RFID) cards. Presumably, any smart card (whether wireless or not) that uses CRYPTO1 to protect data is now compromised.
It's tough to pinpoint the security implications because it depends on what cards are out there in the world (and there are a TON of Mifare cards in use!).
The fun, for the years ahead, will be in discovering where these implementations exist in the real world. In the software world we know that people are slow enough updating compromised software. Well this is HARDWARE we're talking about, with millions (or more?) deployed vulnerable smart cards, in a variety of potentially vulnerable settings.
Watch the video of the hack:
http://video.google.com/videoplay?docid=4252367680974396650&hl=en
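To make the "CRYPTO1 is broken" point concrete, here is an added example (not code from the original post, from NXP, or from the researchers): a Python model of the CRYPTO1 keystream generator written from the public description in Garcia et al., "Dismantling MIFARE Classic" (ESORICS 2008). It is a 48-bit linear feedback shift register whose single nonlinear filter reads only 20 state bits, all at odd positions; that structure is what makes the internal state, and therefore the key, recoverable from observed keystream. Function names (`feedback`, `output`, `step`, `keystream`, `truth_table_weight`, `flip_even_bits`) and the sample key and mix-in value are my own; the bit-ordering and offset conventions follow the paper's definitions and should be checked against a real card trace before this is relied on for anything beyond illustration.

```python
# Added example: a model of the MIFARE Classic CRYPTO1 keystream generator,
# transcribed from Garcia et al., "Dismantling MIFARE Classic" (2008).
# This is not NXP's code. State is a list of 48 bits, x0 first, as in the paper.

# Linear feedback L(x0..x47): the XOR of these 18 state bits.
FEEDBACK_TAPS = (0, 5, 9, 10, 12, 14, 15, 17, 19, 24, 25, 27, 29,
                 35, 39, 41, 42, 43)

# The nonlinear filter reads only these 20 bits: every odd index from 9 to 47.
FILTER_TAPS = tuple(range(9, 48, 2))

KEY_BITS = 48  # total key space is 2**48 (the tag holds two such keys per sector)


def feedback(state):
    """L(state): linear in the state, which is what rollback attacks exploit."""
    return sum(state[i] for i in FEEDBACK_TAPS) & 1


def fa(y0, y1, y2, y3):
    return ((y0 | y1) ^ (y0 & y3)) ^ (y2 & ((y0 ^ y1) | y3))


def fb(y0, y1, y2, y3):
    return ((y0 & y1) | y2) ^ ((y0 ^ y1) & (y2 | y3))


def fc(y0, y1, y2, y3, y4):
    return ((y0 | ((y1 | y4) & (y3 ^ y4)))
            ^ ((y0 ^ (y1 & y3)) & ((y2 ^ y3) | (y1 & y4))))


def output(x):
    """f(x): one keystream bit, a function of the 20 odd-indexed taps only."""
    return fc(fa(x[9], x[11], x[13], x[15]),
              fb(x[17], x[19], x[21], x[23]),
              fb(x[25], x[27], x[29], x[31]),
              fa(x[33], x[35], x[37], x[39]),
              fb(x[41], x[43], x[45], x[47]))


def step(state, input_bit=0):
    """suc(): drop x0, shift, append L(state) XOR an optional input bit."""
    return state[1:] + [feedback(state) ^ input_bit]


def int_to_bits(value, width):
    """MSB-first bit list, so key bit k0 lands in x0 as in the paper."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def keystream(key, mixin, n):
    """Load the 48-bit key, shift in a 32-bit value (uid XOR tag nonce in the
    real authentication), then emit n keystream bits."""
    state = int_to_bits(key, KEY_BITS)
    for bit in int_to_bits(mixin, 32):
        state = step(state, bit)
    bits = []
    for _ in range(n):
        bits.append(output(state))
        state = step(state)
    return bits


def truth_table_weight(fn, arity):
    """Number of inputs on which a filter component outputs 1."""
    return sum(fn(*[(v >> i) & 1 for i in range(arity)]) for v in range(1 << arity))


def flip_even_bits(state):
    """Complement every even-indexed state bit; the filter never sees them."""
    return [b ^ (1 if i % 2 == 0 else 0) for i, b in enumerate(state)]


if __name__ == "__main__":
    # Constructed sample values, not a real card key or trace.
    sample_key, sample_mixin = 0xA0A1A2A3A4A5, 0xC2A82DF4
    ks = keystream(sample_key, sample_mixin, 32)
    print("keystream:", "".join(map(str, ks)))
    s = int_to_bits(sample_key, KEY_BITS)
    print("output unchanged when even bits flipped:",
          output(s) == output(flip_even_bits(s)))
```

The last check is the interesting one for a security reader: because the filter ignores every even-indexed bit, an attacker can treat the odd and even halves of the state as two independent 24-bit problems rather than one 48-bit one, which is the core of the published key-recovery attacks.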
That's not really fair. When MIFARE "classic" was first released, it wasn't really possible to get strong encryption in a passive, contactless form factor. Not only that, there were also cryptography import/export regulations that limited the key size to 40 bits. As technology has progressed, the MIFARE brand has grown to include other technologies which are very secure and don't use proprietary algorithms. Current-generation devices use AES, for example.
Many customers of the various contactless smart card vendors have continued choosing MIFARE "classic", in spite of the fact that the security industry has been telling them for years that it wasn't a good idea. Why? Cost. The old technology was very simple, which translates to low silicon real-estate requirements, which translates to cheap.
If NXP and other vendors of MIFARE classic chips are at fault in any way, it's just for not being a little more aggressive in trying to talk customers out of choosing the cheap option. In many cases, the customers' business model couldn't accommodate a more expensive chip, so telling them not to use crappy security would have meant losing the business entirely. Personally, I told my clients not to use MIFARE classic even if it torpedoed the project, but others were more... "sales-oriented" is a nice way of putting it.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
You should do it, then, and make a name for yourself. The maximum range that anyone has been able to communicate with these chips is about three meters, and that in a carefully-controlled, RF-damped lab environment[*].
Part of the thing that makes it so difficult is that the card is powered by inductance from the reader's field. Since power delivered to the card decreases with the cube of distance, this means that as range increases the power requirements go up dramatically. Another part of the problem is that the signal transmitted by the card is very weak and omnidirectional. While the reader can use a directional antenna to increase the effective range at which it can deliver sufficient power and a strong signal, the card does no such thing, meaning its signal rapidly falls below the noise floor as the distance increases.
[*] There are some papers floating around that demonstrate ability to communicate with a contactless smart card from arbitrary distances, but they do it by putting a powered repeater right next to the card.