NXP RFID Cracked
kamlapati sends us to EETimes for news that the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip, NXP's Mifare Classic. According to the article the device is used in many contactless smartcard applications including fare collection, loyalty cards, and access control cards. NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.
What sort of security implications would this hack cause?
Is this simply lowering the security down to the same level as a barcode but with radio transmission?
I'm sure it will be possible to change/hack a farecard soon enough. There are millions of people who use the cards every day, and many of them are nerds/cheap-asses. It's only a matter of time.
A few years ago, my roommate and I built a credit card reader/copier for under $10.
We copied a few metro passes (magnetic strip, no RFID) just to see if it would work, and we learned that it does, but you can't pass the 'same' card through the system 2 times in a row. My friend got the embarrassing warning buzzer, and he was the one with the legitimate pass!
They accused us of doing a passback. We just played dumb.
"No we didn't! I made a copy of his card! It's right here! Try it! See! There was no passback!" is a very bad defence.
We only used it once, just to see if it would work, then destroyed it.
My advice is: you should be very careful with this kind of stuff. Not only is it unethical and wrong, it is also illegal.
-I only code in BASIC.-
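As an added example that is not part of the thread: the anti-passback check a fare gate runs, which is what caught the duplicated pass in the story above. A gate keeps per-card entry/exit state, so a second "entry" for an ID that is already inside, an "exit" for an ID that never entered, or a re-entry inside a short window is rejected. Card IDs, timestamps and the 900-second window are constructed values.

```python
from dataclasses import dataclass


@dataclass
class Tap:
    card_id: str   # serial read from the card (constructed sample IDs)
    gate: str      # "entry" or "exit"
    ts: int        # seconds since some epoch (constructed)


class AntiPassback:
    """Stateful gate logic: the same ID cannot enter twice without leaving."""

    def __init__(self, min_reentry_secs: int = 900):
        self.min_reentry_secs = min_reentry_secs
        self.inside = {}      # card_id -> ts of the entry that was allowed
        self.last_exit = {}   # card_id -> ts of the most recent exit

    def check(self, tap: Tap) -> str:
        if tap.gate == "entry":
            if tap.card_id in self.inside:
                # a second copy of a card that is already inside: the
                # "passback" buzzer in the comment above
                return "DENY_PASSBACK"
            last = self.last_exit.get(tap.card_id)
            if last is not None and tap.ts - last < self.min_reentry_secs:
                return "DENY_TOO_SOON"
            self.inside[tap.card_id] = tap.ts
            return "ALLOW"
        if tap.card_id not in self.inside:
            # exit without a matching entry: tailgating or a cloned ID
            return "DENY_NOT_INSIDE"
        del self.inside[tap.card_id]
        self.last_exit[tap.card_id] = tap.ts
        return "ALLOW"


# constructed tap sequence: legitimate card A1 enters, then a copy of A1 is
# presented at another entry gate, B2 exits without ever entering, and A1
# later leaves and tries to come back too quickly
SAMPLE_TAPS = [
    Tap("A1", "entry", 100),
    Tap("A1", "entry", 130),
    Tap("B2", "exit", 200),
    Tap("A1", "exit", 1000),
    Tap("A1", "entry", 1100),
    Tap("A1", "entry", 2500),
]


def run(taps: list) -> list:
    gate = AntiPassback()
    return [gate.check(t) for t in taps]
```

Real gates log each denial with the reader ID so operations staff can tell a forgotten exit tap from a duplicated card.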
I'd first have to assume that directional antennas work at range. Has anyone tried hacking together a nice gain antenna to an RFID reader, to see how many feet away you can be to read one?
I work for the Department of Redundancy Department.
It depends on the card technology. Most stuff these days (transit passes, etc.) seems to be using 13.56 MHz equipment, but some low-security access applications still use the old 125 kHz technology. I don't really know anything about 13.56 MHz equipment. As for 125 kHz stuff, it's trivial to read the data from the card, and there are a lot of RFID kits out there that will let you write data to cards. I am specifically looking at this kit for writing to 125 kHz cards.
The first thing you'd need to do is find out what kind of reader it is: get the brand name, go to the website, and find the model that looks like your reader. Check the datasheet to find out what kind of cards it reads, etc. That'll get you started. All that said, it'll probably be a lot simpler (and for one or two cards, cheaper) just to buy them :-)
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson