Hackers Find a Way to Crack Popular Smartcard in Minutes

9 March 2008

PC World has an article about Karsten Nohl’s RFID cryptanalysis work: Hackers Find a Way to Crack Popular Smartcard in Minutes: Security on RFID-enabled smartcards is easily broken by young hackers. March 7, 2008.

The team used an inexpensive RFID reader to collect encrypted data, and then reverse-engineered the chip to figure out the encryption key to decipher that data. They examined the chip under an optical microscope and used micro-polishing sandpaper to remove a few microns of the surface at a time, photographing each of the five layers of circuitry. Nohl wrote his own optical recognition software to refine and clarify the images, and then patiently worked through the arrangement of the logic gates to deduce the encryption algorithm, a task made possible by the fact that the Mifare Classic relies on a secret key of no more than 48 bits.

“Regardless of the cryptographic strength of the cipher, the small key space therefore permits counterfeiting of any card that is read wirelessly,” the team wrote in a follow-up statement issued on Jan. 8. “Knowing the details of the cipher would permit anyone to try all possible keys in a matter of days,” the researchers noted. “Given basic knowledge of cryptographic trade-offs and sufficient storage, the secret keys of cards can be found in a matter of minutes.”
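To put numbers behind "days" and "minutes", here is an added back-of-the-envelope estimate (mine, not from the article or the researchers); the search rate of 10^9 keys per second is my assumption, not a figure the article gives.

```latex
\begin{aligned}
N &= 2^{48} \approx 2.8 \times 10^{14} \quad\text{(size of the key space)} \\[4pt]
\text{Exhaustive search at an assumed } r &= 10^{9}\ \text{keys/s:} \\
T_{\text{brute}} &= \frac{N}{r} \approx 2.8 \times 10^{5}\ \text{s} \approx 78\ \text{h} \approx 3.3\ \text{days} \\[4pt]
\text{Hellman time--memory trade-off (precomputation} &\approx N \text{, then } T \cdot M^{2} = N^{2}\text{):} \\
M = T = N^{2/3} &= 2^{32} \approx 4.3 \times 10^{9} \\
T_{\text{online}} &= \frac{2^{32}}{r} \approx 4\ \text{s at } 10^{9}\ \text{keys/s, i.e. minutes even at a far slower rate} \\
\text{Storage} &\approx 2^{32} \times 12\ \text{bytes} \approx 50\ \text{GB (assuming 12 bytes per table entry)}
\end{aligned}
```

The point is the one the researchers make: once the cipher is known, the 48-bit key space alone bounds the work at days, and a one-time precomputation with modest storage brings each subsequent card down to minutes, so the protection rested on the cipher staying secret rather than on its key length.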

[Added 12 March] PCWorld has a second article on this: RFID-Hack Hits 1 Billion Digital Access Cards Worldwide: A warning is issued that some security access cards that use RFID technology are vulnerable to hack attacks, 12 March 2008.