NXP RFID Cracked
kamlapati sends us to EETimes for news that the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip, NXP's Mifare Classic. According to the article the device is used in many contactless smartcard applications, including fare collection, loyalty cards, and access control cards. NXP downplays the significance of the hack, saying that the affected model of RFID card uses old technology and that they do a much better job these days.
Security implications? (Score:4, Interesting)
Is this simply lowering the security down to the same level as a barcode but with radio transmission?
Re:Transit passes... (Score:5, Interesting)
A few years ago, my roommate and I built a credit card reader/copier for under $10.
We copied a few metro passes (magnetic strip, no RFID) just to see if it would work, and we learned that it does, but you can't pass the 'same' card through the system 2 times in a row. My friend got the embarrassing warning buzzer, and he was the one with the legitimate pass!
They accused us of doing a passback. We just played dumb.
"No we didn't! I made a copy of his card! It's right here! Try it! See! There was no passback!" is a very bad defence.
We only used it once, just to see if it would work, then destroyed it.
My advice is: you should be very careful with this kind of stuff. Not only unethical and wrong, it is also illegal.
Re:Frustrating, but not really... (Score:4, Interesting)
Possible to duplicate RFID cards? (Score:3, Interesting)
I just moved into an apartment building that uses a card to access the lift. The sensor is at shoulder height so I can't just hip-swipe it.
Digging this card out every time I want to go home is annoying me tremendously. It's hard to fish it out of my pocket when I am carrying other stuff, and often ends up sending bits of cash flying everywhere.
Additionally, the building charges US$50 (nonrefundable) for a spare card, so when we have houseguests, we end up playing all kinds of games to make sure everyone can get back in from wandering around.
I would love to copy the RFID element onto a keyfob like I have for the office, so I can just dig out my keychain - easy to find, easy to retrieve from a pocket - instead of a big flat card. Is this a service anyone offers, or is it something I can do on my own with the right equipment (preferably $50 of course)?
Re:Possible to duplicate RFID cards? (Score:5, Interesting)
It depends on the card technology. Most stuff these days (transit passes, etc.) seem to be using 13.56 MHz equipment, but some low-security access applications still use the old 125 kHz technology. I don't really know anything about 13.56 MHz equipment. As for 125 kHz stuff, it's trivial to read the data from the card, and there are a lot of RFID kits out there that will let you write data to cards. I am specifically looking at this kit [sonmicro.com] for writing to 125 kHz cards.
First thing you'd need to do is to find out what kind of reader it is - get the brand name, go to the website, and find the model that looks like your reader. Check the datasheet to find out what kind of cards it reads, etc. That'll get you started. All that said, it'll probably be a lot simpler (and for one or two cards, cheaper) just to buy them :-)
yes (Score:1, Interesting)
hardhack (Score:3, Interesting)
Re:Frustrating, but not really... (Score:2, Interesting)
It is more difficult to activate passive (i.e. powered wirelessly by the reader's interrogation signal) tags from great distances, but afaik engineers haven't worked out how to perform good encryption with this tiny amount of power, so these tags are not appropriate for security-sensitive applications.
Re:Security implications? (Score:3, Interesting)
Obviously the design of the reader itself is mostly responsible for the read range, however this does mean that there are no long range readers in circulation ATM, unlike the old 128KHz cards.
This type of card does require active comms with the reader (has a 2 way authentication mechanism) and will be much harder for engineers to produce long range readers as the card itself was never designed for it.
For the record, this particular standard has been regarded as out of date, and not too secure, for some time now within the physical electronic security industry. It has also been wrongly applied in most cases where the card's serial number is used as a credential, instead of storing access control data in your own application area with your own crypto keys, though this is mostly redundant now in the wake of this news...
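As an added illustration of the distinction the comment above draws (not code from the article, from NXP, or from the commenter), the following Python contrasts a reader that accepts any token presenting an enrolled serial number with one that verifies an issuer-keyed record stored in the card's own application area. The record layout, the door-group field, the key and the UIDs are all constructed for this example; the HMAC binds the access data to the card's read-only UID, so a record copied onto a card with a different UID, or a record whose access data was edited, fails verification. It does not address the Crypto-1 break itself, which is the commenter's "mostly redundant" point: once the sector keys are recoverable, the application area is readable, and the remaining protection rests on the UID being non-writable.

```python
import hmac
import hashlib

# Hypothetical site-wide issuer key shared by the back end and the readers.
# Constructed placeholder for this example; a deployment would provision a
# random 256-bit key per site and keep it out of the cards entirely.
ISSUER_KEY = bytes(32)

TAG_LEN = 16  # truncated HMAC-SHA256 tag, fits easily in one Mifare block


def issue_credential(uid: bytes, door_group: int, key: bytes = ISSUER_KEY) -> bytes:
    """Build the record the issuer writes to the card's application sector.

    Constructed layout: 1-byte door group || 16-byte tag, where
    tag = HMAC-SHA256(key, uid || door_group)[:16].
    Including the UID in the MAC ties the record to this physical card.
    """
    msg = uid + bytes([door_group])
    tag = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]
    return bytes([door_group]) + tag


def verify_uid_only(uid: bytes, enrolled_uids: set) -> bool:
    """The weak design the comment criticises: the serial number is the credential,
    so anything that presents an enrolled UID is let in."""
    return uid in enrolled_uids


def verify_credential(uid: bytes, record: bytes, required_group: int,
                      key: bytes = ISSUER_KEY) -> bool:
    """Reader-side check of the application-sector record.

    Returns True only if the tag is valid for this UID and door group and the
    door group matches what this reader requires.
    """
    if len(record) != 1 + TAG_LEN:
        return False
    door_group, tag = record[0], record[1:]
    expected = hmac.new(key, uid + bytes([door_group]), hashlib.sha256).digest()[:TAG_LEN]
    # Constant-time comparison avoids leaking tag bytes through timing.
    if not hmac.compare_digest(tag, expected):
        return False
    return door_group == required_group


def demo() -> dict:
    """Exercise both designs on constructed UIDs and return the outcomes."""
    legit_uid = bytes.fromhex("04a1b2c3")   # constructed 4-byte UID
    other_uid = bytes.fromhex("04d4e5f6")   # constructed, different card
    record = issue_credential(legit_uid, door_group=1)
    tampered = bytes([2]) + record[1:]      # door group edited, tag unchanged
    return {
        # UID-only: the enrolled UID is accepted no matter which token presents it
        "uid_only_accepts_enrolled": verify_uid_only(legit_uid, {legit_uid}),
        # keyed record: accepted on the card it was issued to
        "keyed_legit": verify_credential(legit_uid, record, 1),
        # keyed record copied verbatim to a card with another UID is rejected
        "keyed_copied_to_other_uid": verify_credential(other_uid, record, 1),
        # keyed record with edited access data is rejected
        "keyed_group_tampered": verify_credential(legit_uid, tampered, 1),
        # valid record for the wrong door group is rejected
        "keyed_wrong_door": verify_credential(legit_uid, record, 2),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {'ACCEPT' if outcome else 'REJECT'}")
```

The reader never stores the issuer key on the card, and the MAC covers the UID, so the only way to obtain a valid record for a new UID is through the issuer. What this does not buy you is protection against a token that can present an arbitrary UID, which is why the comment treats the mitigation as largely moot once the sector keys themselves are recoverable.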