NXP RFID Cracked
kamlapati sends us to EETimes for news that the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip, NXP's Mifare Classic. According to the article the device is used in many contactless smartcard applications including fare collection, loyalty cards, and access control cards. NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.
Security implications? (Score:4, Interesting)
Is this simply lowering the security down to the same level as a barcode but with radio transmission?
Re:Security implications? (Score:4, Informative)
Exactly that, and that's a serious problem. The chips might have been designed for working with small ranges, but you can easily build a reader that overcomes that. Better yet, you can build a reader that works at greater distances and reads tags in bulk. It's kinda like everybody having their bar codes in huge letters stamped at their foreheads, t-shirts, wallets, etc. It's actually worse than that.
Re:Security implications? (Score:5, Informative)
It seems to me that the big deal is that, once read or once the algorithms are decoded, they can be easily programmed into another tag. This problem has already been well demonstrated with the tags on US passports. With the tags popular for some kinds of public transit systems, they're begging to be forged.
Re: (Score:3, Interesting)
Obviously the design of the reader itself is mostly responsible for the read range, however this does mean that there are no long range readers in circulation ATM, unlike the old 128KHz cards.
This type of card does require active comms with the reader (has a 2 way authentication mechanism) and will be much harder for engineers to produce long range readers as the card itself was never de
Re: (Score:1)
It means free public transportation in the Netherlands and quite a few other places.
The mifare RFID card is used as 'electronic ticket/cash card'
Re:Security implications? (Score:5, Insightful)
I don't think that CRYPTO1 use is limited to contactless (RFID) cards. Presumably, any smart card (whether wireless or not) that uses CRYPTO1 to protect data is now compromised.
It's tough to pinpoint the security implications because it depends on what cards are out there in the world (and there are a TON of Mifare cards in use!).
The fun, for the years ahead, will be in discovering where these implementations exist in the real world. In the software world we know that people are slow enough updating compromised software. Well this is HARDWARE we're talking about, with millions (or more?) deployed vulnerable smart cards, in a variety of potentially vulnerable settings.
Mifare isn't a "smart card" (Score:3, Informative)
1. In the smart card industry, Mifare isn't categorized as a smart card. A smart card typically has an operating system running on it so one can create their own on-card applications. The cards provide RSA crypto functions (low end have AES only) with a strong emphasis on secure storage measured in a few Kbytes. This is different than Mifare.
2. Mifare can be categorized as a single purpose card. It does a few things quickly and
Re: (Score:3, Insightful)
http://video.google.com/videoplay?docid=4252367680974396650&hl=en [google.com]
Frustrating, but not really... (Score:5, Funny)
It'd be pretty noticeable if someone had a high powered RFID antenna/reader - if they were trying to move it.
But, since it would be easy to install a modified high power RFID reader in a convenience store stand, near a window or in a mailbox on a street corner, this could become a problem.
I guess it means that I'll be wearing tinfoil pants as well as a hat, to keep THEM from reading my mind, and my credit card. And password. And the chip in my dog.
Re:Frustrating, but not really... (Score:5, Funny)
Must be a pretty small dog or pretty large pants...
Re: (Score:2)
It's entirely possible he meant to say the chip in his dong...
Re: (Score:2)
A bar-coded Prince Albert [wikipedia.org]! But
Re: (Score:2)
Has anyone considered that instead of a high-gain antenna, you use a moderate gain one, something that would work in the order of feet (or half a metre or so)?
Think about it, to g
Re: (Score:3, Informative)
Current "smart" credit cards, for example, use active (i.e. battery-powered) tags in the 13.56 MHz (HF) band.
Cite? I've been working on smart card applications for 10 years, including lots of credit and debit cards, in multiple countries and I have never seen any that were active. All are passive, whether contact or contactless. There is a project in the works in the US that is considering using active tags, but the technology limitations are pretty severe. The battery has to be very small, thin and flexible, yet have enough life to make it unnecessary to recharge frequently. The reason they want a battery
Hello Kitty can save us! (Score:2)
Hello Kittified tinfoil hats for your RFID cards [ubiks.net].
Deep doodoo (Score:5, Informative)
MiFare is a 13.56 MHz system (ISM band) that uses H-field coupling (i.e. near-field magnetic coupling) in a loose transformer-coupled arrangement.
The near field attenuates at 1/r^3, and as a rough guide you can read this type of tag to about 1.5 x loop diameter.
At 13.56 MHz, you can only make the antenna so large before the inductance of the antenna makes it impossible to resonate.
We in fact have a complex stub-tuned antenna of about 1m diam, and that was difficult.
Another problem is you have to start pumping out so much power, it becomes extremely difficult to see modulation on the carrier above the TX noise.
Now that said, it sounds like NXP (who have one of the worst web sites on the net) are in deep doodoo.
The reason is that MIFARE has huge rollouts in transportation systems, especially in Asia, and these cards contain real monetary value.
System integrators are now going to have to put extra work into either live back-to-central-database checking (which will be hard on mobile platforms like buses), or upgrade systems to the triple DES encrypted (and more expensive) cards.
Re: (Score:2)
Keep in mind that MIFARE is a brand, not a technology, and the brand includes multiple technologies. The one that was broken is called MIFARE "classic", and although there are various deployments of it around the world, many MIFARE deployments use one of the newer, more secure technologies.
Re:Frustrating, but not really... (Score:5, Insightful)
I guess making the encryption barely good enough is a nice way to ensure you get future orders. Their customers can upgrade for a moderate fee or spend a hell of a lot more to go elsewhere.
Re: (Score:2)
1. make crappy encryption
2. wait for hackers to crack said encryption
3. ???
4. Profit
5. Repeat
I guess step 3 would be wait for the idiots who bought equipment in step 1 to buy new and improved ones.
Re: (Score:3, Insightful)
I guess making the encryption barely good enough is a nice way to ensure you get future orders. Their customers can upgrade for a moderate fee or spend a hell of a lot more to go elsewhere.
That's not really fair. When MIFARE "classic" was first released, it wasn't really possible to get strong encryption in a passive, contactless form factor. Not only that, there were also cryptography import/export regulations that limited the key size to 40 bits. As technology has progressed, the MIFARE brand has grown to include other technologies which are very secure and don't use proprietary algorithms. Current-generation devices use AES, for example.
Many customers of the various contactless sma
RFID Limited Range? Ha, Ha, Ha! (Score:2)
Re: (Score:3, Informative)
More seriously, if you trigger one RFID tag at that range, you're going to trigger every other tag in the beam of your reader. Sorting out that noise isn't go
Re: (Score:3, Insightful)
Microwatt transmitters are routinely read at distances of dozens or hundreds of kilometres 1 [talkingelectronics.com], 2 [surrey.ac.uk]. I don't see why a quarter milliwatt RFID chip [rfidjournal.com] couldn't be read from similar distances.
You should do it, then, and make a name for yourself. The maximum range that anyone has been able to communicate with these chips is about three meters, and that in a carefully-controlled, RF-damped lab environment[*].
Part of the thing that makes it so difficult is that the card is powered by inductance from the reader's field. Since power delivered to the card decreases with the cube of distance, this means that as range increases the power requirements go up dramatically. Another part of the proble
Re: (Score:1)
Unfortunately my gigawatt Tesla coil killed everyone within 40 feet.
old news? (Score:2, Informative)
(So no, I didn't RTFA.) The Tube in London and the Boston MBTA subway use Mifare.
Re: (Score:2)
I wonder how many other systems are out there using it.
Transit passes... (Score:2)
(*I am not actually interested in hacking my fare card, as such an action is not only unethical and wrong, but seems risky. And t
Re: (Score:2)
Well u might be able to sell fare credits to help with the rent
Re:Transit passes... (Score:5, Interesting)
A few years ago, my roommate and I built a credit card reader/copier for under $10.
We copied a few metro passes (magnetic strip, no RFID) just to see if it would work, and we learned that it does, but you can't pass the 'same' card through the system 2 times in a row. My friend got the embarrassing warning buzzer, and he was the one with the legitimate pass!
They accused us of doing a passback. We just played dumb.
"No we didn't! I made a copy of his card! It's right here! Try it! See! There was no passback!" is a very bad defence.
We only used it once, just to see if it would work, then destroyed it.
My advice is: you should be very careful with this kind of stuff. Not only unethical and wrong, it is also illegal.
Re: (Score:1)
(the other option would be that you don't find it unethical, in which case you should have said no only do some people find it unethical and wrong...)
Re: (Score:2)
AD&D stuff aside, I think experimenting with the intent of learning is not THAT unethical by itself.
Re: (Score:1)
Power Corrupts
therefore
BURN THE WITCH
Re: (Score:2)
"Not only is it unethical and wrong, it is illegal."
Both statements are completely valid, depending on what you are saying.
Illegal is not a subset of unethical and wrong.
Unethical and wrong is not a subset of Illegal.
Think of a two set Venn diagram with both sets represented as circles with exactly 2 distinct intersections.
Like this: http://upload.wikimedia.org/wikipedia/en/0/06/Venn-diagram-AB.svg [wikimedia.org]
Re: (Score:1)
There is of course the matter of deferring to the law vs your personal ethics, but that wasn't what the o.p. was talking about (or perhaps it was, but if so, it isn't done very clearly).
So I stand by what I was getting at, that it is entirely different to consider the law first than it is to consider your own ethics first, especially when deciding whether or not to do something. That doesn't mean you don'
Not that easy (Score:2)
A cracked card may well work on disconnected readers that synchronize at intervals but when this sync occurs it will be easy to detect fraud. That can disable the card and wh
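The sync-time fraud check this comment describes, together with the anti-passback buzzer from the magstripe story earlier in the thread, as an added example (not code from the page or from any transit operator): a back-end reconciliation over tap records that offline readers upload when they synchronize. The record format, field names and thresholds are my own assumptions; a cloned card that carries a stale stored value breaks the value chain, and two readers seeing the "same" card too close together in time are flagged as well.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample of tap records as uploaded by offline readers at sync time.
# Fields: unix_time, reader_id, card_uid, value_before, value_after (cents).
# Card 04A1B2C3 is tapped twice at GATE-A1 within 30 s (passback), and later
# a second copy of it shows up at GATE-B9 carrying an old stored value.
TAP_LOG = """\
1200000000,GATE-A1,04A1B2C3,1000,800
1200000030,GATE-A1,04A1B2C3,800,600
1200001800,BUS-17,04A1B2C3,600,400
1200001900,GATE-B9,04A1B2C3,1000,800
1200000000,GATE-A1,0BEEF001,500,300
1200003600,GATE-B9,0BEEF001,300,100
"""

@dataclass(frozen=True)
class Tap:
    t: int        # unix time reported by the reader
    reader: str   # reader / gate identifier
    uid: str      # card UID as read from the tag
    before: int   # stored value read from the card before the debit
    after: int    # stored value written back to the card

def parse_log(text):
    """Parse the comma-separated upload format assumed above."""
    taps = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        t, reader, uid, before, after = line.split(",")
        taps.append(Tap(int(t), reader, uid, int(before), int(after)))
    return taps

def analyze(taps, passback_window=120, min_travel=600):
    """Return (uid, finding, time) tuples for every suspicious tap.

    passback_window: seconds within which a second tap at the same reader
                     is treated as a passback.
    min_travel:      assumed minimum seconds between two different readers;
                     anything faster means two physical cards share a UID.
    """
    by_card = defaultdict(list)
    for tap in taps:
        by_card[tap.uid].append(tap)
    findings = []
    for uid, card_taps in by_card.items():
        card_taps.sort(key=lambda x: x.t)
        for prev, cur in zip(card_taps, card_taps[1:]):
            gap = cur.t - prev.t
            if cur.reader == prev.reader and gap <= passback_window:
                findings.append((uid, "passback", cur.t))
            elif cur.reader != prev.reader and gap < min_travel:
                findings.append((uid, "impossible-travel", cur.t))
            # Each tap must start from the value the previous tap wrote back;
            # a clone restored to an earlier balance breaks this chain.
            if cur.before != prev.after:
                findings.append((uid, "value-chain-break", cur.t))
    return sorted(findings, key=lambda f: (f[0], f[2]))

def suspicious_cards(findings):
    """UIDs to push to the readers' blocklist at the next sync."""
    return {uid for uid, _, _ in findings}

if __name__ == "__main__":
    for finding in analyze(parse_log(TAP_LOG)):
        print(finding)
```

Readers that only sync at intervals still honour the blocklist from the previous sync, so the window of free rides for a clone is bounded by the sync period rather than open-ended.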
Re: (Score:1)
I live in Brisbane, Australia where we have a metro region transit system called, in a spooky parallel, Translink [translink.com.au] (one ticket to rule them all). They're in the process of rolling out a "smart" card, with the imaginative name of "Go Card". All I can say is that I hope the SF one works better than this much delayed and troubled system. For example, to calculate correct fares the point of entry and exit of a trip needs to be known. The bus-mounted units know this from in-built GPS units, but nobody though
Yeah, but... (Score:5, Insightful)
I don't doubt for a minute that NXP does a much better job on security these days. But based on past performance, you can bet a lot of the old ones are still floating around, and will be for a long, long time to come.
Old news but worth a look (Score:1, Informative)
This is why RFID is bad (Score:4, Insightful)
Sure it MIGHT be slightly more convenient, but I would rather take the 3 seconds to swipe the card and not have to deal with fraud and identity theft which will take up more time.
RFID is a terrible concept, but at the very least they should make cards with an off switch.
Re: (Score:1)
I can see the headlines now about secure RFID cards that are only turned on when signaled to at checkout counters.
Step 1 ) Turn on card.
Step 2 ) Hack card.
Re: (Score:2, Insightful)
The fault lies not in RFID, but in a lousy security implementation.
The same principle applies to cards that use metal contacts.
(Did you see the ATM hack in Terminator 2?)
My college has that type of cards, only with direct electrical contacts.
It was only slightly harder to analyse (dummy card & card holder to tap the signal),
but the encryption on it was simply impossible.
Don't blame RFID on the things it's (ab)used for.
Those radio-gates at stores are based on RFID.
Modern (Computer) factori
Re: (Score:2)
This is why RFID is bad. It gets hacked, the banks and credit card companies ignore it and claim it is secure.
If RFID is bad, this situation has nothing to do with why. Everyone in the industry has known for many years that MIFARE classic was insecure. At the time it was developed it was about the best that could be done, but we all knew that their proprietary cipher was likely to be crap, and used small keys besides. Really, the only surprise is that it took this long for it to be cracked (and I think it's entirely possible that it didn't take this long).
This situation says nothing at all about the securit
After this article... (Score:3, Funny)
Next hackers to try the new stuff in 3... 2.... 1...
H4x0r3d !! All your code are belong to us!
Seriously, I know they need to try, but personally I don't think they ever try hard enough. Mostly this is due to the convenience of not having to generate millions of keys and other such secure ideas. Sometimes I wonder why they try to make it cheap instead of just trying to make it safe? To save a couple of bucks per device? Security is not cheap or easy. period. ever.
Chess Club (Score:1, Funny)
Dammit - that's the second time this week I've scanned the story too fast and wondered why on earth a German Computer Chess Club cared so much about internet security...
Possible to duplicate RFID cards? (Score:3, Interesting)
I just moved into an apartment building that uses a card to access the lift. The sensor is at shoulder height so I can't just hip-swipe it.
Digging this card out every time I want to go home is annoying me tremendously. It's hard to fish it out of my pocket when I am carrying other stuff, and often ends up sending bits of cash flying everywhere.
Additionally, the building charges US$50 (nonrefundable) for a spare card, so when we have houseguests, we end up playing all kinds of games to make sure everyone can get back in from wandering around.
I would love to copy the RFID element onto a keyfob like I have for the office, so I can just dig out my keychain - easy to find, easy to retrieve from a pocket - instead of a big flat card. Is this a service anyone offers, or is it something I can do on my own with the right equipment (preferably $50 of course)?
Re: (Score:1)
I wonder if this hack affects the flavour of RFID tags used in Brisbane's newly introduced Go-Card public transport ticketing system. I'd hope not.
Re:Possible to duplicate RFID cards? (Score:5, Interesting)
It depends on the card technology. Most stuff these days (transit passes, etc.) seem to be using 13.56 MHz equipment, but some low-security access applications still use the old 125 kHz technology. I don't really know anything about 13.56 MHz equipment. As for 125 kHz stuff, it's trivial to read the data from the card, and there are a lot of RFID kits out there that will let you write data to cards. I am specifically looking at this kit [sonmicro.com] for writing to 125 kHz cards.
First thing you'd need to do is to find out what kind of reader it is - get the brand name, go to the website, and find the model that looks like your reader. Check the datasheet to find out what kind of cards it reads, etc. That'll get you started. All that said, it'll probably be a lot simpler (and for one or two cards, cheaper) just to buy them :-)
Re: (Score:2)
Looks like it's this one - HID Thinline 2 [hidcorp.com] - which is 125 kHz.
You're probably right about it being cheaper to just pony up for a spare card, but I do have a masochistic urge to embark on elaborate and expensive projects.
If the SonMicro kit at US$96 will write to these cards then that looks interesting. Though on their forum I see something about needing "credits" to program cards, and after every so many write operations you have to go back and get more credits from SonMicro or you go read-only. That seem
Re: (Score:2)
Hm, I'm glad you pointed that out, about the credits, I hadn't noticed that. Also, I am not sure if that kit is compatible with HID equipment (there's something about that in the forums, too).
They use HID equipment where I am, and while I don't really care about reading/writing to our HID cards, I do need to find out if HID readers can read other brand cards (e.g. Atmel, etc). It may be the case they cannot, which would mean we are out of luck :-(
downplaying the white elephant (Score:4, Insightful)
NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.
...except that more than half of the world's largest transit systems use MiFare Classic- they're all truly fucked, and it wouldn't surprise me if the mafia are already cloning/selling counterfeit cards, especially in Asia. Also, apparently in some countries MiFare Classic cards are as prevalent as HID Proxcards are in the US for building access.
Also, for those of you claiming read distance is enough protection- sure, the reader on the bus can only read your card at an inch or two. Well, see- there are commercial solutions that can do much more. HID, for example, makes a one-foot-square reader capable of reading proximity cards at a distance of over a foot, sometimes almost two feet. Antenna size (for receiving the card response) and power levels (for energizing the card) are all that matter here, really.
Now, think about how close you get to people as you board a bus and grab a seat at the back- how many pocketbooks and wallets you can easily come within a foot (or less.) Now think about how big an antenna you could put in a bookbag or briefcase...
Re:downplaying the white elephant (Score:4, Informative)
So, increasing the distance isn't as trivial as you seem to imply. Getting it to a few feet is probably doable without attracting a lot of attention, but getting it to more than ten feet doesn't sound plausible at all.
Re: (Score:2)
So, increasing the distance isn't as trivial as you seem to imply. getting it to a few feet is probably doable without attracting a lot of attention
Which was my whole fucking point, douchebag. But hey, it got you modded up, right?
Re: (Score:2)
Which was my whole fucking point, douchebag
And my point is that you're still limited in distance by quite a bit. I wasn't meaning to contradict you, just state the upper limit of your argument with the limitations that implies. But don't let that keep you from getting confrontational.
But hey, it got you modded up, right?
If I was looking for a mod, I would have posted the same response higher in the conversation so that more mods would have seen it sooner. Instead of assuming that I was looking for a mod, why not assume instead that I was looking for a discussion on the practicality o
Behold -- science. (Score:5, Funny)
"Oh, no, sonny. That there pallet's running v1.47a -- the cyberinjuns cracked that dekacycles ago. Hardly know what's in there now. Could be tomato, could be chicken noodle. Send that back on the factory. We'll get you some nice v1.49 soup out here. Won't be half a cycle."
Forget the soup... (Score:2, Funny)
Can they read the chip on my shoulder?
They broke Philips/NXP CRYPTO1 (Score:5, Informative)
To clarify a few things. First of all this has been known for a few months. The earliest mention I saw was December 29, 2007: MiFare's CRYPTO1 algorithm mostly reverse-engineered [cryptanalysis.eu]. More information, including a slide show, is presented in this January 1, 2008 post: Mifare crypto1 RFID completely broken [hackaday.com]
Quick background: NXP (Philips) creates a line of smart cards called "Mifare" based on proprietary protocols, including the CRYPTO1 cipher (undocumented, proprietary). There are a lot of Mifare cards deployed, and there is a huge element of security through obscurity especially if you rely on proprietary protocols, such as CRYPTO1 algorithm.
This research, as linked above (and posted in this slashdot article... old news) shows that CRYPTO1 stream cipher is horribly broken, based on a terribly insufficient random number generator. Besides busting this example of security through obscurity, the target technology is actually deployed in a very wide range of uses. Meaning, this attack has many real world consequences.
Dupe: I wonder how actual this is.... (Score:2)
Mifare card cracked !! (Score:2, Informative)
Re: (Score:2)
It also didn't come after the announcement of the crack. More secure cards using open, standard and well-proven algorithms like RSA and AES have been on the market, including from NXP, for years.
Hack Oyster cards? (Score:1)
So instead of the pesky kids getting free London bus travel, the geeks in their 30s who've been paying over the odds for years can go free on the Tube!
Nice one.