Slashdot Mirror
NXP RFID Cracked
kamlapati sends us to EETimes for news that the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip, NXP's Mifare Classic. According to the article the device is used in many contactless smartcard applications including fare collection, loyalty cards, and access control cards. NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.
I'm sure it will be possible to change/hack a farecard soon enough. there are millions of people who use the cards every day, and many of them are nerds/cheep-asses. its only a matter of time.
A few years ago, my roommate and I built a credit card reader/copier for under $10.
We copied a few metro passes (magnetic strip, no RFID)just to see if it would work, and we learned that it does, but you can't pass the 'same' card through the system 2 times n a row. my friend got the embarasing warning buzzer, and he was the one with the legetimate pass!
they accsed us of doing a passback. we just played dumb.
"no we didn't! i made a copy of his card! its right here! try it! see! there was no passback!" is a very bad defence.
we only used it once, just to see if it would work, then destroyed it.
My advice is: you should be very careful with this kind of stuff. Not only unethical and wrong, it is also illegal.
-I only code in BASIC.-
Don't worry, NXP sells a new improved RFID chip with better encryption. I'm sure they'll make lots more money as a result of this as all these places using the older chips rush to upgrade.
I guess making the encryption barely good enough is a nice way to ensure you get future orders. Their customers can upgrade for a moderate fee or spend a hell of a lot more to go elsewhere.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.