RFID hack could crack open 2 billion smart cards
14 March 2008This article in ComputerWorld has an excellent account of the Mifare cryptanalysis and its implications: RFID hack could crack open 2 billion smart cards: Analyst: One European government sent armed guards to protect facilities using the card by Sharon Gaudin, Computer World, 14 March 2008.
A student at the University of Virginia has discovered a way to break through the encryption code of RFID chips used in up to 2 billion smart cards used to open doors and board public transportation systems.
Karsten Nohl, a graduate student working with two researchers based in Germany, said the problem lies in what he calls weak encryption in the MiFare Classic, an RFID chip manufactured by NXP Semiconductors. Now that he’s broken the encryption, Nohl said he would only need a laptop, a scanner and a few minutes to get the cryptographic key to an RFID door lock and create a duplicate card to open it at will.
And that, according to Ken van Wyk, principal consultant at KRvW Associates, is a big security problem for users of the technology.
“It turns out it’s a pretty huge deal,” said van Wyk. “There are a lot of these things floating around out there. Using it for building locks is the biggy, especially when it’s used in sensitive government facilities — and I know for a fact it’s being used in sensitive government facilities.”
…
The article also includes some interesting comments from a spokesman for NXP Semiconductors.