Slashdot Mirror


NXP RFID Cracked

kamlapati sends us to EETimes for news that the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip, NXP's Mifare Classic. According to the article the device is used in many contactless smartcard applications including fare collection, loyalty cards, and access control cards. NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.


  1. Yeah, but... by hyades1 · · Score: 4, Insightful

    I don't doubt for a minute that NXP does a much better job on security these days. But based on past performance, you can bet a lot of the old ones are still floating around, and will be for a long, long time to come.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  2. This is why RFID is bad by Bman21212 · · Score: 4, Insightful

    This is why RFID is bad. It gets hacked, the banks and credit card companies ignore it and claim it is secure. Wait a week or two and repeat.
    Sure it MIGHT be slightly more convenient, but I would rather take the 3 seconds to swipe the card and not have to deal with fraud and identity theft which will take up more time.
    RFID is a terrible concept, but at the very least they should make cards with an off switch.

  3. downplaying the white elephant by SuperBanana · · Score: 3, Insightful

    "NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days."

    ...except that more than half of the world's largest transit systems use MiFare Classic - they're all truly fucked, and it wouldn't surprise me if the mafia are already cloning/selling counterfeit cards, especially in Asia. Also, apparently in some countries MiFare Classic cards are as prevalent as HID Proxcards are in the US for building access.

    Also, for those of you claiming read distance is enough protection - sure, the reader on the bus can only read your card at an inch or two. Well, see - there are commercial solutions that can do much more. HID, for example, makes a one-foot-square reader capable of reading proximity cards at a distance of over a foot, sometimes almost two feet. Antenna size (for receiving the card response) and power levels (for energizing the card) are all that matter here, really.

    Now, think about how close you get to people as you board a bus and grab a seat at the back - how many pocketbooks and wallets you can easily come within a foot (or less.) Now think about how big an antenna you could put in a bookbag or briefcase...

  4. Re:Transit passes... by smorken · · Score: 3, Insightful

    That depends on if you are lawful good or lawful chaotic.

  5. Re:Frustrating, but not really... by click2005 · · Score: 5, Insightful

    Don't worry, NXP sells a new improved RFID chip with better encryption. I'm sure they'll make lots more money as a result of this as all these places using the older chips rush to upgrade.

    I guess making the encryption barely good enough is a nice way to ensure you get future orders. Their customers can upgrade for a moderate fee or spend a hell of a lot more to go elsewhere.

    --
    I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
  6. Re:Security implications? by bigberk · · Score: 4, Insightful

    Implications: The Philips/NXP proprietary CRYPTO1 stream cipher is broken. This means that any card which relies on this algorithm to encrypt data being transmitted can have that encrypted data compromised. It appears that the keys can also be compromised, so the whole card can be "cloned". This compromises the essence of the smart card, which is not supposed to be reproducible because private keys are supposed to remain secret. If the card in question was an access card to a corporation's secure facilities (and Mifare is very much used for such things) then these access cards can now easily be copied, cloned.

    I don't think that CRYPTO1 use is limited to contactless (RFID) cards. Presumably, any smart card (whether wireless or not) that uses CRYPTO1 to protect data is now compromised.

    It's tough to pinpoint the security implications because it depends on what cards out there in the world (and there are a TON of Mifare cards in use!) ... and where CRYPTO1 is being used to protect sensitive data.

    The fun, for the years ahead, will be in discovering where these implementations exist in the real world. In the software world we know that people are slow enough updating compromised software. Well, this is HARDWARE we're talking about, with millions (or more?) deployed vulnerable smart cards, in a variety of potentially vulnerable settings.