NXP RFID Cracked
kamlapati sends us to EETimes for news that the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip, NXP's Mifare Classic. According to the article the device is used in many contactless smartcard applications including fare collection, loyalty cards, and access control cards. NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.
What sort of security implications would this hack cause?
Is this simply lowering the security down to the same level as a barcode but with radio transmission?
I'm sure it will be possible to change/hack a farecard soon enough. There are millions of people who use the cards every day, and many of them are nerds/cheap-asses. It's only a matter of time.
A few years ago, my roommate and I built a credit card reader/copier for under $10.
We copied a few metro passes (magnetic strip, no RFID) just to see if it would work, and we learned that it does, but you can't pass the 'same' card through the system 2 times in a row. My friend got the embarrassing warning buzzer, and he was the one with the legitimate pass!
They accused us of doing a passback. We just played dumb.
"No we didn't! I made a copy of his card! It's right here! Try it! See! There was no passback!" is a very bad defence.
We only used it once, just to see if it would work, then destroyed it.
My advice is: you should be very careful with this kind of stuff. Not only is it unethical and wrong, it is also illegal.
-I only code in BASIC.-
I'd first have to assume that directional antennas work at range. Has anyone tried hacking together a nice gain antenna to an RFID reader, to see how many feet away you can be to read one?
I work for the Department of Redundancy Department.
I just moved into an apartment building that uses a card to access the lift. The sensor is at shoulder height so I can't just hip-swipe it.
Digging this card out every time I want to go home is annoying me tremendously. It's hard to fish it out of my pocket when I am carrying other stuff, and often ends up sending bits of cash flying everywhere.
Additionally, the building charges US$50 (nonrefundable) for a spare card, so when we have houseguests, we end up playing all kinds of games to make sure everyone can get back in from wandering around.
I would love to copy the RFID element onto a keyfob like I have for the office, so I can just dig out my keychain - easy to find, easy to retrieve from a pocket - instead of a big flat card. Is this a service anyone offers, or is it something I can do on my own with the right equipment (preferably $50 of course)?
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
About 30-90 meters with line of sight.
Although the EETimes article in the link says the encryption was broken easily, the way they developed the attack does not seem to be easy in any sense of the word. They analyzed the chip using high-powered microscopes and slicing off layers to analyze the gates involved in the encryption. If that's considered "easy", then I'd sure like to see what EETimes considers "hard".
It depends a lot on the details of the specific RFID implementation. Current "smart" credit cards, for example, use active (i.e. battery-powered) tags in the 13.56 MHz (HF) band. With a large enough antenna and a high-gain amplifier, one of these can feasibly be read from a pretty good distance - maybe 30 or 50 feet given a clear line of sight. That said, a high-gain antenna at 13.56 MHz is *big*, and very difficult to hide, especially if it's attached to a huge power-hungry amplifier to pick out the tag response.
It is more difficult to activate passive (i.e. powered wirelessly by the reader's interrogation signal) tags from great distances, but afaik engineers haven't worked out how to perform good encryption with this tiny amount of power, so these tags are not appropriate for security-sensitive applications.