Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Researchers Crack Mifare RFID Encryption

Posted by Soulskill on from the setting-'em-up-and-knocking-'em-down dept.

jfruhlinger writes "The long-running security battle has seesawed against RFID cards, as German researchers revealed a way to clone one type of card currently used for a variety of purposes, from transit fares to opening doors in NASA facilities." According to the article, "NXP Semiconductors, which owns Mifare, put out an alert to customers warning that the security had been cracked on its MIFARE DESFire (MF3ICD40) smartcard but saying that model would be discontinued by the end of the year and encouraging customers to upgrade to the EV1 version of the card." This response may sound familiar.

2 of 44 comments (clear)

  1. RFID cracked? Shocking! by Baloroth · · Score: 5, Informative

    But seriously, RFID isn't secure against dedicated attackers. The fact that this vulnerability was known way back when the cards were first made leads me to suspect that they didn't create protection against it then so that they could sell their newer cards now, and save a few bucks at the time. Conveniently, the newer cards are even backwards compatible. Cynical? Maybe, but after recent compromises in the security industry (Sony, DigiNotar), nothing would surprise me. Least of all a company selling a defective-by-design security card to make some extra money.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  2. Take-Two Scenario by Anonymous Coward · · Score: 5, Informative

    I wrote a paper on the state of RFID security a few years ago. I could write something insightful but I'll just summarise.
    Low Power Requirements, Low Cost or Proper Security, pick two. That's the problem the industry faces and the reason we see flawed designs.