Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Researchers Crack Mifare RFID Encryption

Posted by Soulskill on from the setting-'em-up-and-knocking-'em-down dept.

jfruhlinger writes "The long-running security battle has seesawed against RFID cards, as German researchers revealed a way to clone one type of card currently used for a variety of purposes, from transit fares to opening doors in NASA facilities." According to the article, "NXP Semiconductors, which owns Mifare, put out an alert to customers warning that the security had been cracked on its MIFARE DESFire (MF3ICD40) smartcard but saying that model would be discontinued by the end of the year and encouraging customers to upgrade to the EV1 version of the card." This response may sound familiar.

10 of 44 comments (clear)

  1. RFID cracked? Shocking! by Baloroth · · Score: 5, Informative

    But seriously, RFID isn't secure against dedicated attackers. The fact that this vulnerability was known way back when the cards were first made leads me to suspect that they didn't create protection against it then so that they could sell their newer cards now, and save a few bucks at the time. Conveniently, the newer cards are even backwards compatible. Cynical? Maybe, but after recent compromises in the security industry (Sony, DigiNotar), nothing would surprise me. Least of all a company selling a defective-by-design security card to make some extra money.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    1. Re:RFID cracked? Shocking! by Necroman · · Score: 4, Interesting

      Or they had a working solution and wanted to get something out the door to start making money. If creating a new solution only took a month, that's money in the eyes of business leaders that they would not be making. So they make the decision to sell now, then fix the problem later. Plus, as you said, it leads to upgrades.

      With something like the security of RFID cards, I would think that shipping with a possible security hole would be a pretty big deal. But its hard to say why the would make such a decision (or how aware of the possibility of it being cracked).

      --
      Its not what it is, its something else.
    2. Re:RFID cracked? Shocking! by IamTheRealMike · · Score: 3, Insightful
      Or, there's an even simpler explanation: the attack in question is based on side-channel attacks that are not easy to exploit. From TFA:

      It takes about seven hours to crack the security on one card and get its 112-bit encryption key, the researchers said. It only works if you've already spent months profiling the card's architecture, behavior and responses.

      I think selling cards that aren't resistant to side channel attacks like this is a perfectly reasonable decision. Lots of hardware is vulnerable to this kind of ultra-intensive probing (eg, the Xbox).

      Like anything in engineering, these cards boil down to a cost/benefit analysis. If you use these cards in your canteen, how likely are you to go up against a team of people who spend months doing blackbox analysis of the cards? If that isn't likely, it makes sense to save money.

      I am not even sure this counts as a "crack". Unless the German team release absolutely everything, the basic analysis would have to be repeated by whoever wants to recreate the attack. If you have that much money and expertise, there are probably easier ways into a secure facility than hacking the door locks (eg, bribing/blackmailing someone on the inside).

    3. Re:RFID cracked? Shocking! by plover · · Score: 3, Interesting

      You only have to profile the architecture one time, which this team has already done. Any MIFARE system can now be cracked in 7 hours. Once the POS system's card is analyzed, they'd be able to crack the keys on your particular canteen in 7 hours. And even then, multiple keys is a big problem. If your canteen is operated by some big chain, and that big chain also runs my canteen, what are the chances they have the same keys? I'd bet lots of money on it.

      The core of the security problem is that because an implementation is hard and expensive, it's done infrequently. That means companies want to scale them up to drive down the unit costs of implementing them. Vendor X won't invent a new POS card for each client. Your food service company won't even deploy a separate key for each store.

      Crack once, steal anywhere. It's an implementation issue. And that's why selling cards vulnerable to side channel attacks is a recipe for failure.

      --
      John
  2. Vulnerabilities known since years, but covered up by gentryx · · Score: 3, Informative

    Johannes Schlumberger and others did some hacking on Mifare cards here in Germany. The University of Erlangen-Nuremberg uses them for wireless payments in their canteen and also for access control to sensitive areas. After notifying the manufacturer they didn't try to fix the problems, but threatened him with legal action -- even though it was a research project. As it says on Schlumberger's homepage: "Unfortunately I am not allowed to make my results public"

    --
    Computer simulation made easy -- LibGeoDecomp
  3. NASA and cards by Anonymous Coward · · Score: 4, Informative

    NASA has recently had two card initiatives. The first was to replace the ancient keycard swipe card system with newer proximity cards, while leaving the badge system alone. The second replaced both the badges and the (circa mid-2000s) prox cards with still newer HSPD-12 compliant smartcards. This sounds like the prox cards. In other words, it is most likely that NASA has already replaced these cards.

    Posting anon for obvious reasons. Speaking for myself rather than my employers.

  4. Take-Two Scenario by Anonymous Coward · · Score: 5, Informative

    I wrote a paper on the state of RFID security a few years ago. I could write something insightful but I'll just summarise.
    Low Power Requirements, Low Cost or Proper Security, pick two. That's the problem the industry faces and the reason we see flawed designs.

  5. Side chain attack by pipedwho · · Score: 4, Informative

    The summary poorly describes the real issue.

    The encryption algorithm used in these cards is Triple DES. The 64 bit block cipher has not been cracked and still maintains approximately 80 equivalent bits of effective security with its 112 bit key.

    However, the crack involves using a side chain attack and card profiling and allows the key to be retrieved within 3 to 7 hours. The attack is complicated, but has always generally suspected to be possible. Until now, no one had demonstrated and shown a detailed method to actually crack this type of card.

    This is less of an immediate issue for security installations, as the systems are probably already backed with secondary verifiers (eg. biometrics, codes, etc) for high security requirements, and the access areas are probably counted in the low double digits. Not to mention that most 'security systems' seem to be composed mostly of security theatre anyway.

    But, some systems using those cards are MUCH harder to retrofit (eg. electronic money/credit equivalents like metro systems, etc) where the infrastructure is highly diverse. And replacement would involve a massive process of card/reader swap outs, most likely with both systems operating in parallel for a time. Those systems also provide the most financial gain and lowest risk for criminal organisations if they can crack the security of the cards.

  6. This has somem history by TESTNOK · · Score: 2

    Here's a link to the earlier hack by German reseachers in PCworld , with links to video demonstration and paper of University of Virginia.

    A similar hack on the same chip also in 2008 was published by Dutch researchers from Radboud Univeristy in Nijmgen, in the Netherlands. This case attracted additional attention because the company making the Mifare chip, NXP (formerly Phillips semiconductors), tried to block publication of the hack and was denied this in a Dutch court of law (security guru Schneier on this).

    Even more recently, the " improved" system, but still using the same chip on the cards, was targeted by Dutch investigative journalist Brenno de Winter who was cleared from prosecution by a judge as recently as three weeks ago. His research showed that hacking was possible by using a freely available windows program (you-tubevideo of his sadly overly-long presentation at DefCon 16).

    Last week it became public that the company responsible for the system, Trans Link Systems ( somewhat uninformative site) has silently been introducing cards using a different chip for two months now. It uses the Infineon SLE-66 chip (producer unknown to me; anyone?), that can have software installed. The software that was installed by TLS is to block any tampering. Dutch news site nu.nl has had such a card for two weeks and was not able to hack it with the currently known methods (their article, Dutch only, I'm afraid). Old cards are still in production until he end of the year for subscriptions (linked to personalized accounts) but the new cards are used for the anonymous day cards. Equipment of public transport personnel has been adapted to reveal hacking attempts.

    So, the big question to all the security experts hovering around slashdot: how realistic is the claim that this card will prevent fraud? Let's be realistic and assume that it can eventually be hacked in the lab, but that practical application of this hack is not feasible. The interesting case is a hacking method that would make free transport available on a large scale, as is the case now.Can chip-installed software block such tampering attempts?

  7. Re:I have the crack! by Jane+Q.+Public · · Score: 2

    I wanted to upgrade my own system to Milfware 3.0, but I was told that things are just a little too tight right now.