NXP RFID Cracked

kdawson posted more than 6 years ago | from the that-was-easy dept.

kamlapati sends us to EETimes for news that the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip, NXP's Mifare Classic. According to the article the device is used in many contactless smartcard applications including fare collection, loyalty cards, and access control cards. NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.

111 comments

Security implications? (4, Interesting)

Anonymous Coward | more than 6 years ago | (#22937036)

What sort of security implications would this hack cause?
Is this simply lowering the security down to the same level as a barcode but with radio transmission?

Re:Security implications? (0, Offtopic)

Brian Gordon (987471) | more than 6 years ago | (#22937052)

Yes. Also holy karma whore.

Re:Security implications? (4, Informative)

maxume (22995) | more than 6 years ago | (#22937178)

Umm, he posted anonymously. Hence no karma. Not even the religious kind.

Ummmm... (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#22937070)

maybe it was because Bruce Schneier, aka amateur cryptologist, designed it?

Re:Security implications? (3, Informative)

prxp (1023979) | more than 6 years ago | (#22937388)

Is this simply lowering the security down to the same level as a barcode but with radio transmission?
Exactly that, and that's a serious problem. The chips might have been designed for working with small ranges, but you can easily build a reader that overcomes that. Better yet, you can build a reader that works at greater distances and reads tags in bulk. It's kinda like everybody having their bar codes in huge letters stamped on their foreheads, t-shirts, wallets, etc. It's actually worse than that.

Re:Security implications? (4, Informative)

Antique Geekmeister (740220) | more than 6 years ago | (#22938274)

As I understand the technology, building a reader with massively longer range is not a simple task. You start running into signal-noise ratios, and signals from multiple local devices, pretty quickly. There have been public demonstrations of RFID technologies that can detect multiple RFID tags inside a single crate successfully, but that doesn't mean they can be detected reliably from the next room.

It seems to me that the big deal is that, once read or once the algorithms are decoded, they can be easily programmed into another tag. This problem has already been well demonstrated with the tags on US passports. With the tags popular for some kinds of public transit systems, they're begging to be forged.

Re:Security implications? (1)

kitgerrits (1034262) | more than 6 years ago | (#22938210)

It means free public transportation in the Netherlands and quite a few other places.
The Mifare RFID card is used as an 'electronic ticket/cash card'.

Re:Security implications? (0)

Anonymous Coward | more than 6 years ago | (#22938388)

free entry to Dutch government buildings!

Re:Security implications? (4, Insightful)

bigberk (547360) | more than 6 years ago | (#22938412)

Implications: The Philips/NXP proprietary CRYPTO1 stream cipher is broken. This means that any card which relies on this algorithm to encrypt data being transmitted, can have that encrypted data compromised. It appears that the keys can also be compromised, so the whole card can be "cloned". This compromises the essence of the smart card, which is not supposed to be reproducible because private keys are supposed to remain secret. If the card in question was an access card to a corporation's secure facilities (and Mifare is very much used for such things) then these access cards can now easily be copied, cloned.

I don't think that CRYPTO1 use is limited to contactless (RFID) cards. Presumably, any smart card (whether wireless or not) that uses CRYPTO1 to protect data is now compromised.

It's tough to pinpoint the security implications because it depends on what cards out there in the world (and there are a TON of Mifare cards in use!) ... and where CRYPTO1 is being used to protect sensitive data.

The fun, for the years ahead, will be in discovering where these implementations exist in the real world. In the software world we know that people are slow enough updating compromised software. Well this is HARDWARE we're talking about, with millions (or more?) deployed vulnerable smart cards, in a variety of potentially vulnerable settings.

Mifare isn't a "smart card" (2, Informative)

mpapet (761907) | more than 6 years ago | (#22940332)

A couple of very important clarifications to make your claims more accurate.

1. In the smart card industry, Mifare isn't categorized as a smart card. A smart card typically has an operating system running on it so one can create their own on-card applications. The cards provide RSA crypto functions (low end have AES only) with a strong emphasis on secure storage measured in a few Kbytes. This is different than Mifare.

2. Mifare can be categorized as a single purpose card. It does a few things quickly and not secure as compared to a smart card. The primary application for MiFare is quick and cheap authentication and possibly value transfer measured in a dollar or two.

In theory the crack could be used to steal subway rides. How do you go about figuring out which systems are still on this card version??? And how much are you stealing? The bigger crack that's already been done is stealing gas with a dynamic PayPass. With both cracks no one is getting rich and the systems are not as compromised as the summary would have you believe.

Frustrating, but not really... (4, Funny)

PC and Sony Fanboy (1248258) | more than 6 years ago | (#22937082)

Since RFID needs close proximity to be read, I'm TOO concerned.

It'd be pretty noticeable if someone had a high powered RFID antenna/reader - if they were trying to move it.

But, since it would be easy to install a modified high power RFID reader in a convenience store stand, near a window or in a mailbox on a street corner, this could become a problem.

I guess it means that I'll be wearing tinfoil pants as well as a hat, to keep THEM from reading my mind, and my credit card. And password. And the chip in my dog.

Re:Frustrating, but not really... (4, Funny)

wronskyMan (676763) | more than 6 years ago | (#22937150)

I guess it means that I'll be wearing tinfoil pants as well as a hat, to keep THEM from reading my mind, and my credit card. And password. And the chip in my dog.

Must be a pretty small dog or pretty large pants...

Re:Frustrating, but not really... (2, Funny)

JonathanR (852748) | more than 6 years ago | (#22937316)

The tinfoil pants are for preventing them reading his mind.

Re:Frustrating, but not really... (2, Insightful)

wronskyMan (676763) | more than 6 years ago | (#22937322)

I think there is an old quote that goes something like "we were given 2 minds but only enough blood to run one of them at a time"

Re:Frustrating, but not really... (1)

Killjoy_NL (719667) | more than 6 years ago | (#22939032)

I think Robin Williams (the comic) coined that phrase :)

Re:Frustrating, but not really... (1)

_merlin (160982) | more than 6 years ago | (#22937616)

...the chip in my dog.

Must be a pretty small dog or pretty large pants...

It's entirely possible he meant to say the chip in his dong...

Re:Frustrating, but not really... (0)

Anonymous Coward | more than 6 years ago | (#22939256)

I've been told I have a chip on my shoulder before, but in my dog? No way!

Re:Frustrating, but not really... (3, Interesting)

v1 (525388) | more than 6 years ago | (#22937262)

I'd first have to assume that directional antennas work at range. Has anyone tried hacking together a nice gain antenna to an RFID reader, to see how many feet away you can be to read one?

yes (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22937502)

about 30-90 meters with line of sight.

Re:Frustrating, but not really... (1)

HungSoLow (809760) | more than 6 years ago | (#22937678)

Depends. I'm not up to speed on the newer RFID stuff, but at the frequencies that I've seen, there is no chance you can get ANY gain out of an antenna in the kHz or 1 MHz range. Everything looks like a Hertzian dipole at those frequencies, i.e. omnidirectional or less than 2 dBi of gain. However, operate around 1 GHz or above and you could easily build handheld directive (high gain) antennas.

Re:Frustrating, but not really... (1)

pegdhcp (1158827) | more than 6 years ago | (#22937908)

Regular high gain omnidirectional antennas can go up to 100 meters in a closed environment, if there are not too many metal sheets around. Somebody should try a yagi in open space.

Re:Frustrating, but not really... (2, Interesting)

Anonymous Coward | more than 6 years ago | (#22937958)

It depends a lot on the details of the specific RFID implementation. Current "smart" credit cards, for example, use active (i.e. battery-powered) tags in the 13.56 MHz (HF) band. With a large enough antenna and a high-gain amplifier, one of these can feasibly be read from a pretty good distance - maybe 30 or 50 feet given a clear line of sight. That said, a high-gain antenna at 13.56 MHz is *big*, and very difficult to hide, especially if it's attached to a huge power-hungry amplifier to pick out the tag response.

It is more difficult to activate passive (i.e. powered wirelessly by the reader's interrogation signal) tags from great distances, but afaik engineers haven't worked out how to perform good encryption with this tiny amount of power, so these tags are not appropriate for security-sensitive applications.

For a determined person not too hard (1)

aepervius (535155) | more than 6 years ago | (#22938246)

Put your antenna in a van, with your power hungry amplifier, then put a hole in the van before the antenna, and put some material which is transparent to that frequency, but opaque to normal sight. Park your van in LOS of what you want to check out. Naturally it works only in the street, but that should open up some nice applications.

Re:For a determined person not too hard (1)

KDR_11k (778916) | more than 6 years ago | (#22938888)

You can probably leave the antenna in plain sight, as long as it's mounted on a van people will assume you're a radio technician or something and using the antenna for business.

Re:Frustrating, but not really... (2, Informative)

swillden (191260) | more than 6 years ago | (#22939796)

Current "smart" credit cards, for example, use active (i.e. battery-powered) tags in the 13.56 MHz (HF) band.

Cite? I've been working on smart card applications for 10 years, including lots of credit and debit cards, in multiple countries and I have never seen any that were active. All are passive, whether contact or contactless. There is a project in the works in the US that is considering using active tags, but the technology limitations are pretty severe. The battery has to be very small, thin and flexible, yet have enough life to make it unnecessary to recharge frequently. The reason they want a battery is not because they can't implement good security without it, but because they want to embed a fingerprint scanner, keypad and display and make the card usable for simple purposes even when not in the field of a reader.

It is more difficult to activate passive (i.e. powered wirelessly by the reader's interrogation signal) tags from great distances, but afaik engineers haven't worked out how to perform good encryption with this tiny amount of power, so these tags are not appropriate for security-sensitive applications.

ALL major contactless smart cards on the market are passive, and many of them support RSA, AES, El Gamal, ECC, etc., on-card and have for years. Using on-chip hardware crypto accelerators they can even perform very intensive operations like on-card private key encryption/signing (much more expensive than public key operations) and on-card public key pair generation -- though the latter takes a few seconds.

I know the guys who designed the IBM JCOP [ibm.com] card operating system for the Philips SmartX chips (among others), which was purchased by NXP a couple years ago and is their current high-security offering. It definitely offers strong cryptography in both contact and contactless modes and includes various technologies to minimize the effectiveness of side-channel attacks and to make disassembly attacks difficult. It's good security -- and it is definitely passive.

You did get the frequency right, ISO 14443-compliant [wg8.de] cards do communicate in 13.56 MHz.

While I'm posting I should point out that this crack of the MIFARE classic proprietary encryption didn't surprise anyone in the industry. We've known for years that it sucked, and I have always steered my clients away from it. The only surprising thing is that it took this long.

Re:Frustrating, but not really... (1)

Tensor (102132) | more than 6 years ago | (#22938464)

Toll Booth cards are read at around 30/40 meters (100/130 ft) and at speeds of at least 100 kph (60 mph), and at least both of my cards (the old ones were active cards, but the new ones are passive "stickers") are Mifare cards ... so let the cloning begin. Only the true geek will buy $500 worth of RFID equipment to try to avoid paying a $0.1 toll fee.

Deep doodoo (4, Informative)

labnet (457441) | more than 6 years ago | (#22939114)

I've seen a lot of very uninformed comments on 'high gain antennas'.
MIFARE is a 13.56 MHz system (ISM band), that uses H-field coupling (i.e. near field magnetic coupling) in a loose transformer coupled arrangement.
The near field attenuates at 1/r^3, and as a rough guide you can read this type of tag to about 1.5 x loop diameter.

At 13.56 MHz, you can only make the antenna so large before the inductance of the antenna makes it impossible to resonate.
We in fact have a complex stub tuned antenna of about 1 m diam, and that was difficult.

Another problem is you have to start pumping out so much power, it becomes extremely difficult to see modulation on the carrier above the TX noise.

Now that said, it sounds like NXP (who have one of the worst web sites on the net) are in deep doodoo.
The reason is that MIFARE has huge rollouts in transportation systems, especially in Asia, and these cards contain real monetary value.
System integrators are now going to have to put extra work into either live back-to-central-database checking (which will be hard on mobile platforms like buses), or upgrade systems to the Triple DES encrypted (and more expensive) cards.

Re:Deep doodoo (1)

swillden (191260) | more than 6 years ago | (#22939826)

The reason is that MIFARE has huge rollouts in transportation systems, especially in asia, and these cards contain real monetary value.

Keep in mind that MIFARE is a brand, not a technology, and the brand includes multiple technologies. The one that was broken is called MIFARE "classic", and although there are various deployments of it around the world, many MIFARE deployments use one of the newer, more secure technologies.

Re:Frustrating, but not really... (5, Insightful)

click2005 (921437) | more than 6 years ago | (#22937570)

Don't worry, NXP sells a new improved RFID chip with better encryption. I'm sure they'll make lots more money as a result of this as all these places using the older chips rush to upgrade.

I guess making the encryption barely good enough is a nice way to ensure you get future orders. Their customers can upgrade for a moderate fee or spend a hell of a lot more to go elsewhere.

Re:Frustrating, but not really... (1)

Tensor (102132) | more than 6 years ago | (#22938476)

Sad, but true.

1. make crappy encryption
2. wait for hackers to crack said encryption
3. ???
4. Profit
5. Repeat

I guess step 3 would be: wait for the idiots who bought equipment in step 1 to buy the new and improved one.

Re:Frustrating, but not really... (1)

fbjon (692006) | more than 6 years ago | (#22938862)

It's not a trivial task to get good encryption in a power-starved environment.

Re:Frustrating, but not really... (2, Insightful)

swillden (191260) | more than 6 years ago | (#22939898)

I guess making the encryption barely good enough is a nice way to ensure you get future orders. Their customers can upgrade for a moderate fee or spend a hell of a lot more to go elsewhere.

That's not really fair. When MIFARE "classic" was first released, it wasn't really possible to get strong encryption in a passive, contactless form factor. Not only that, there were also cryptography import/export regulations that limited the key size to 40 bits. As technology has progressed, the MIFARE brand has grown to include other technologies which are very secure and don't use proprietary algorithms. Current-generation devices use AES, for example.

Many customers of the various contactless smart card vendors have continued choosing MIFARE "classic", in spite of the fact that the security industry has been telling them for years that it wasn't a good idea. Why? Cost. The old technology was very simple, which translates to low silicon real-estate requirements, which translates to cheap.

If NXP and other vendors of MIFARE classic chips are at fault in any way, it's just for not being a little more aggressive in trying to talk customers out of choosing the cheap option. In many cases, the customers' business model couldn't accommodate a more expensive chip, so telling them not to use crappy security would have meant losing the business entirely. Personally, I told my clients not to use MIFARE classic even if it torpedoed the project, but others were more... "sales-oriented" is a nice way of putting it.

RFID Limited Range? Ha, Ha, Ha! (1)

camperdave (969942) | more than 6 years ago | (#22937742)

Microwatt transmitters are routinely read at distances of dozens or hundreds of kilometres 1 [talkingelectronics.com] , 2 [surrey.ac.uk] . I don't see why a quarter milliwatt RFID chip [rfidjournal.com] couldn't be read from similar distances.

Re:RFID Limited Range? Ha, Ha, Ha! (2, Informative)

Antique Geekmeister (740220) | more than 6 years ago | (#22938290)

You have to power the thing from the RFID reader to get a synchronized and readable signal. If you're going to design an RFID reader powerful enough to charge up an RFID tag from hundreds of kilometers, can I get you to run it past the designers of the hadron supercollider to make sure you're not generating micro black holes that will devour the Earth?

More seriously, if you trigger one RFID tag at that range, you're going to trigger every other tag in the beam of your reader. Sorting out that noise isn't going to work well at dozens of kilometers range, even if the power involved doesn't cook any birds flying overhead.

Re:RFID Limited Range? Ha, Ha, Ha! (2, Insightful)

swillden (191260) | more than 6 years ago | (#22940004)

Microwatt transmitters are routinely read at distances of dozens or hundreds of kilometres 1 [talkingelectronics.com] , 2 [surrey.ac.uk] . I don't see why a quarter milliwatt RFID chip [rfidjournal.com] couldn't be read from similar distances.

You should do it, then, and make a name for yourself. The maximum range that anyone has been able to communicate with these chips is about three meters, and that in a carefully-controlled, RF-damped lab environment[*].

Part of the thing that makes it so difficult is that the card is powered by inductance from the reader's field. Since power delivered to the card decreases with the cube of distance, this means that as range increases the power requirements go up dramatically. Another part of the problem is that the signal transmitted by the card is very weak and omnidirectional. While the reader can use a directional antenna to increase the effective range at which it can deliver sufficient power and a strong signal, the card does no such thing, meaning its signal rapidly falls below the noise floor as the distance increases.

[*] There are some papers floating around that demonstrate ability to communicate with a contactless smart card from arbitrary distances, but they do it by putting a powered repeater right next to the card.

old news? (2, Informative)

Anonymous Coward | more than 6 years ago | (#22937094)

Is this the same hack that theregister.co.uk reported over two weeks ago?

(So no, I didn't RTFA.) The Tube in London and the Boston MBTA subway use Mifare.

Re:old news? (1)

Kyro (302315) | more than 6 years ago | (#22937364)

As does Transperth [wa.gov.au] in Western Australia. (welcome to google transit transperth!) This whole issue was discussed in yesterday's local paper.
I wonder how many other systems are out there using it.

Transit passes... (1)

FooAtWFU (699187) | more than 6 years ago | (#22937100)

So, I'm in the San Francisco Bay Area, and they're just rolling out Translink [translink.org] , a contactless multi-agency farecard system - and about time, what with BART+Muni+SamTrans+AC Transit+Caltrain+VTA+Golden Gate Transit+goodness knows what else flying around here. Is it likely to be affected? (Will there be (more) delays over this matter?) Can I buy some cheap junk to hack my farecard?*

(*I am not actually interested in hacking my fare card, as such an action is not only unethical and wrong, but seems risky. And the transit fares I pay are dwarfed by my rent anyway...)

Re:Transit passes... (1)

Ex-MislTech (557759) | more than 6 years ago | (#22937128)

the transit fares I pay are dwarfed by my rent anyway

Well u might be able to sell fare credits to help with the rent ;)

Re:Transit passes... (5, Interesting)

theheadlessrabbit (1022587) | more than 6 years ago | (#22937146)

I'm sure it will be possible to change/hack a farecard soon enough. There are millions of people who use the cards every day, and many of them are nerds/cheap-asses. It's only a matter of time.

A few years ago, my roommate and I built a credit card reader/copier for under $10.
We copied a few metro passes (magnetic strip, no RFID) just to see if it would work, and we learned that it does, but you can't pass the 'same' card through the system 2 times in a row. My friend got the embarrassing warning buzzer, and he was the one with the legitimate pass!
They accused us of doing a passback. We just played dumb.
"No we didn't! I made a copy of his card! It's right here! Try it! See! There was no passback!" is a very bad defence.

We only used it once, just to see if it would work, then destroyed it.
My advice is: you should be very careful with this kind of stuff. Not only unethical and wrong, it is also illegal.

Re:Transit passes... (1)

maxume (22995) | more than 6 years ago | (#22937200)

Maybe it was on purpose, but you got it backwards. Not only is it illegal, it is unethical and wrong. The difference is important.

(the other option would be that you don't find it unethical, in which case you should have said no only do some people find it unethical and wrong...)

Re:Transit passes... (1)

langelgjm (860756) | more than 6 years ago | (#22937264)

That reminds me of a sign I saw in the Wal-Mart checkout line: "Buying cigarettes for minors: It's not just wrong, it's illegal." Obviously because something being wrong just isn't enough to stop you from doing it these days...

Re:Transit passes... (1)

The End Of Days (1243248) | more than 6 years ago | (#22937378)

I agree. I long for the past when everybody always did the right thing.

Re:Transit passes... (1)

Palinchron (924876) | more than 6 years ago | (#22938716)

But what's wrong and what isn't is a subjective issue, so it may not be enough to stop someone who doesn't consider it wrong.

Re:Transit passes... (1)

KDR_11k (778916) | more than 6 years ago | (#22938916)

With all the loopholes, legal corruption and crap going on these days it IS a rare sight for a wrong and unethical thing to be illegal.

Re:Transit passes... (3, Insightful)

smorken (990019) | more than 6 years ago | (#22937438)

that depends on if you are lawful good or lawful chaotic

Re:Transit passes... (1)

ketamine-bp (586203) | more than 6 years ago | (#22937484)

I suppose you are talking about AD&D stuff... there's no such thing as lawful chaotic, it's lawful evil. If you meant chaotic good then it's another matter...

AD&D stuff aside, I think experimenting with the intent of learning is not THAT unethical by itself.

Re:Transit passes... (1)

AlamedaStone (114462) | more than 6 years ago | (#22937934)

Knowledge is Power
Power Corrupts
therefore

BURN THE WITCH

Re:Transit passes... (1)

theheadlessrabbit (1022587) | more than 6 years ago | (#22938022)

Before we can be sure she is a witch, we weigh her. If she weighs as much as a duck, then proceed...

Re:Transit passes... (1)

oyenstikker (536040) | more than 6 years ago | (#22939370)

"Not only is it illegal, it is unethical and wrong."
"Not only is it unethical and wrong, it is illegal."

Both statements are completely valid, depending on what you are saying.

Illegal is not a subset of unethical and wrong.
Unethical and wrong is not a subset of Illegal.

Think of a two set Venn diagram with both sets represented as circles with exactly 2 distinct intersections.
Like this: http://upload.wikimedia.org/wikipedia/en/0/06/Venn-diagram-AB.svg [wikimedia.org]

Re:Transit passes... (1)

maxume (22995) | more than 6 years ago | (#22939860)

It's perfectly valid to prefer the law to your own ethics, but I would argue it is also perfectly stupid.

There is of course the matter of deferring to the law vs your personal ethics, but that wasn't what the o.p. was talking about(or perhaps it was, but if so, it isn't done very clearly).

So I stand by what I was getting at, that it is entirely different to consider the law first than it is to consider your own ethics first, especially when deciding whether or not to do something. That doesn't mean you don't end up giving primacy to the law in the end, but you don't start out by giving it primacy.

Not that easy (1)

daBass (56811) | more than 6 years ago | (#22938006)

While your mag-stripe system was the dumbest in existence and completely disconnected, most of these RFID systems don't just keep info on the cards; there is also a central system, which is the authoritative repository. This is how they do re-charging over the internet (like you can do with Oyster in London) or replacing lost cards.

A cracked card may well work on disconnected readers that synchronize at intervals but when this sync occurs it will be easy to detect fraud. That can disable the card and while some very savvy people can constantly fake a new one for every trip, there won't be the possibility of selling pre-paid cards with lots of credit to the public at large. Also, the time stamp of when the card was used can be correlated with CCTV footage. Smile!

Somehow I don't think cracked cards are going to be a major hassle for transit systems.

I wouldn't use them for access to secure areas, but then again, the majority of building access is still done by very dumb 125 kHz HID Prox cards that are not encrypted at all.
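The back-end reconciliation that this post (and the passback anecdote above it) describes, as an added example that is not code from any transit operator or from NXP. It takes a batch of tap events as readers would upload them on sync and flags cards whose self-reported balance exceeds the central ledger (what a cloned or rewritten card looks like), the same card used twice at one gate within seconds (passback), and the same serial appearing at two gates faster than anyone could travel between them. Reader ids, serials, the flat fare and the travel-time table are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FARE_CENTS = 200                          # flat fare per tap; assumed for the example
PASSBACK_WINDOW = timedelta(seconds=60)   # same card at the same reader within this: passback

# Minimum plausible travel time in minutes between pairs of readers (constructed table).
MIN_TRAVEL_MIN = {
    frozenset(("gateA", "gateB")): 20,
    frozenset(("gateA", "gateZ")): 40,
    frozenset(("gateB", "gateZ")): 25,
}

# Central ledger: balance in cents the operator believes each card holds (constructed).
LEDGER = {"C1001": 1500, "C2002": 500, "C3003": 2000, "C4004": 300}

# Constructed tap log as uploaded by readers on sync:
# (card serial, reader id, ISO timestamp, balance the card itself reported).
SAMPLE_TAPS = [
    ("C1001", "gateA", "2008-04-01T08:00:00", 1500),
    ("C1001", "gateB", "2008-04-01T08:25:00", 1300),  # normal trip, fare deducted on card
    ("C2002", "gateA", "2008-04-01T08:01:00", 500),
    ("C2002", "gateA", "2008-04-01T08:01:20", 300),   # same gate 20 s later: passback
    ("C3003", "gateA", "2008-04-01T09:00:00", 2000),
    ("C3003", "gateZ", "2008-04-01T09:05:00", 2000),  # 5 min later, 40 min away, old balance: clone
    ("C4004", "gateB", "2008-04-01T10:00:00", 9000),  # ledger says 300: balance rewritten
    ("C9999", "gateB", "2008-04-01T10:02:00", 100),   # serial the operator never issued
]


def reconcile(taps, ledger):
    """Return sorted (card, reason) alerts found in one batch of synchronised taps.

    The ledger balance is advanced by FARE_CENTS per tap as the back end would do, so a
    card reporting more credit than the ledger expects at that moment is flagged.
    """
    by_card = defaultdict(list)
    for card, reader, ts, reported in taps:
        by_card[card].append((datetime.fromisoformat(ts), reader, reported))

    alerts = []
    for card, events in by_card.items():
        events.sort()  # chronological order per card
        expected = ledger.get(card)
        if expected is None:
            alerts.append((card, "unknown_serial"))
            continue
        prev = None
        for when, reader, reported in events:
            if reported > expected:
                alerts.append((card, "balance_exceeds_ledger"))
            if prev is not None:
                prev_when, prev_reader = prev
                gap = when - prev_when
                if reader == prev_reader and gap <= PASSBACK_WINDOW:
                    alerts.append((card, "passback"))
                elif reader != prev_reader:
                    need = MIN_TRAVEL_MIN.get(frozenset((prev_reader, reader)))
                    if need is not None and gap < timedelta(minutes=need):
                        alerts.append((card, "impossible_travel"))
            expected -= FARE_CENTS  # ledger charges the fare for this tap
            prev = (when, reader)
    return sorted(alerts)


def cards_to_block(taps, ledger):
    """Distinct serials that raised at least one alert; what the operator would hot-list."""
    return sorted({card for card, _ in reconcile(taps, ledger)})


if __name__ == "__main__":
    for card, reason in reconcile(SAMPLE_TAPS, LEDGER):
        print(f"{card}: {reason}")
    print("block:", cards_to_block(SAMPLE_TAPS, LEDGER))
```

The check runs only when readers sync, which is exactly the window the post points at: a clone works until the next upload, but cannot be resold as a long-lived credit card.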

Re:Transit passes... (0)

Anonymous Coward | more than 6 years ago | (#22937308)

So you read the Translink card, and now you have a serial number. So what.

Does the card contain any more valuable information? Looks like it contains the last known balance and serial number, but everything else is handled by the central system.

Re:Transit passes... (1)

JonathanR (852748) | more than 6 years ago | (#22937350)

Does the card contain any more valuable information?
No, but the linked camera that took a photo of the card owner, or correlation with time-stamped CCTV footage might provide some useful additional info.

Re:Transit passes... (1)

GumphMaster (772693) | more than 6 years ago | (#22937712)

I live in Brisbane, Australia where we have a metro region transit system called, in a spooky parallel, Translink [translink.com.au] (one ticket to rule them all). They're in the process of rolling out a "smart" card, with the imaginative name of "Go Card". All I can say is that I hope the SF one works better than this much delayed and troubled system. For example, to calculate correct fares the point of entry and exit of a trip needs to be known. The bus-mounted units know this from in-built GPS units, but nobody thought to check that they work in the large, underground city bus terminals or account for loss of signal. The net result is under/overcharging of passengers using these terminals and no recourse.

You may be lucky though. Brisbane seems to have already bought up all the "cheap junk" to implement their readers and vending machines :)

"Smart" my...

Congratulations (1)

CSMatt (1175471) | more than 6 years ago | (#22937136)

Now prepare to be sued under the DMCA.

Re:Congratulations (1)

zebslash (1107957) | more than 6 years ago | (#22937842)

As far as I know US laws do not apply in Germany... Although AFAIK Germany may have also a set of similar liberticide laws.

Re:Congratulations (1)

CSMatt (1175471) | more than 6 years ago | (#22937962)

the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip, NXP's Mifare Classic.
This could be American ignorance, but I don't know of any countries, provinces, or other geographical regions that have a "University of Virginia" that aren't in the United States.

Re:Congratulations (1)

KDR_11k (778916) | more than 6 years ago | (#22938926)

We do (EUCD) but I don't think a cryptosystem like that counts as a copy protection. Though there might be some stupid anti-hacking laws on the books (remember the whole outcry over banning "hacker tools"?).

Yeah, but... (4, Insightful)

hyades1 (1149581) | more than 6 years ago | (#22937142)

I don't doubt for a minute that NXP does a much better job on security these days. But based on past performance, you can bet a lot of the old ones are still floating around, and will be for a long, long time to come.

Old news but worth a look (2, Informative)

kaptink (699820) | more than 6 years ago | (#22937144)

Yep, it's a bit out of date but still worth a look if you haven't seen it. Free transport FTW! This link has an hour long lecture/display of the processes used: http://www.hackaday.com/2008/01/01/24c3-mifare-crypto1-rfid-completely-broken/ [hackaday.com]

OLD NEWS (0)

Anonymous Coward | more than 6 years ago | (#22937156)

c'mon, Slashdot....this was reported all over the place a few weeks ago!

This is why RFID is bad (4, Insightful)

Bman21212 (1067680) | more than 6 years ago | (#22937198)

This is why RFID is bad. It gets hacked, the banks and credit card companies ignore it and claim it is secure. Wait a week or two and repeat.
Sure it MIGHT be slightly more convenient, but I would rather take the 3 seconds to swipe the card and not have to deal with fraud and identity theft which will take up more time.
RFID is a terrible concept, but at the very least they should make cards with an off switch.

Re:This is why RFID is bad (2, Insightful)

172pilot (913197) | more than 6 years ago | (#22937424)

RFID is not a terrible concept - I would say instead that deployments that assume security are badly designed implementations.. For example, it may be that a grocery chain can still reasonably assume that efficiencies gained by using RFID outweigh the risks of being shoplifted blind by a 15-year-old with a microcontroller who is re-programming the cigarette cartons to think they're Snickers bars and taking them through the self-checkout... Perhaps it's good enough to track books at the public library too, but I wouldn't think it's a good idea to link it to a personal bank through an e-commerce site..

Re:This is why RFID is bad (1)

denton420 (1235028) | more than 6 years ago | (#22937626)

Cards that turn off? That sounds like something a government employee would think up.

I can see the headlines now about secure RFID cards that are only turned on when signaled to at checkout counters.

Step 1 ) Turn on card.

Step 2 ) Hack card.

Re:This is why RFID is bad (2, Insightful)

kitgerrits (1034262) | more than 6 years ago | (#22938250)


The fault lies not in RFID, but in a lousy security implementation.
The same principle applies to cards that use metal contacts.
(Did you see the ATM hack in Terminator 2?)

My college has that type of cards, only with direct electrical contacts.
It was only slightly harder to analyse (dummy card & card holder to tap the signal),
    but the encryption on it was simply impossible.

Don't blame RFID on the things it's (ab)used for.
Those radio-gates at stores are based on RFID.
Modern (Computer) factories use RFID to track orders, instead of barcodes.
RFID is a read-write barcode. As long as it's used in a closed, secure system, it's just fine.

Re:This is why RFID is bad (1)

swillden (191260) | more than 6 years ago | (#22940028)

This is why RFID is bad. It gets hacked, the banks and credit card companies ignore it and claim it is secure.

If RFID is bad, this situation has nothing to do with why. Everyone in the industry has known for many years that MIFARE classic was insecure. At the time it was developed it was about the best that could be done, but we all knew that their proprietary cipher was likely to be crap, and used small keys besides. Really, the only surprise is that it took this long for it to be cracked (and I think it's entirely possible that it didn't take this long).

This situation says nothing at all about the security of cards that use RSA and AES as their ciphers.

After this article... (2, Funny)

zappepcs (820751) | more than 6 years ago | (#22937210)

NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.
means absolutely fuck all....

Next hackers to try the new stuff in 3... 2.... 1...

H4x0r3d !! All your code are belong to us!

Seriously, I know they need to try, but personally I don't think they ever try hard enough. Mostly this is due to convenience of not having to generate millions of keys and other such secure ideas. Sometimes I wonder why they try to make it cheap instead of just trying to make it safe? To save a couple of bucks per device? Security is not cheap or easy. Period. Ever.

Re:After this article... (0)

Anonymous Coward | more than 6 years ago | (#22937314)

I would like to be the definition of "fuck all" as well. Where do I sign up?

Re:After this article... (1)

zappepcs (820751) | more than 6 years ago | (#22937338)

Elephant and Castle tube station would be a good place to ask...

Re:After this article... (1)

Antique Geekmeister (740220) | more than 6 years ago | (#22938304)

A couple of bucks per RFID tag really, really adds up fast. Do you want to accept some losses, or do you want to jack up the cost of a $2 subway ride by $1 to pay for a better RFID tag on the card, and the readers to go with it?

off topic (1)

pcruce (1248328) | more than 6 years ago | (#22937218)

What is going on? Why aren't there any april fools posts? From omgponies to this? Is something broken or is the joke on me? I didn't see some obvious ones so I submitted them, yet still not posted. I'm sooo confused.....

Dutch hackers did this a month ago (0)

Anonymous Coward | more than 6 years ago | (#22937304)

This very same hack, of the NXP Mifare Classic, was widely published in the Dutch media about a month ago. Only it was first done by students of the Radboud University of Nijmegen, who set out to prove that the encryption of the new smart card system to be used on all of Holland's public transport system, using the Mifare Classic, was insecure. They wildly succeeded: the issue led to lots of debate in parliament and possible postponing of the whole (horrible) idea.

Link in Dutch: http://tweakers.net/nieuws/52381/mifare-chips-eenvoudig-volledig-te-kraken.html [tweakers.net]

Chess Club (1, Funny)

Anonymous Coward | more than 6 years ago | (#22937358)

kamlapati sends us to EETimes for news that the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip,

Dammit - that's the second time this week I've scanned the story too fast and wondered why on earth a German Computer Chess Club cared so much about internet security...

Possible to duplicate RFID cards? (2, Interesting)

raju1kabir (251972) | more than 6 years ago | (#22937394)

I just moved into an apartment building that uses a card to access the lift. The sensor is at shoulder height so I can't just hip-swipe it.

Digging this card out every time I want to go home is annoying me tremendously. It's hard to fish it out of my pocket when I am carrying other stuff, and often ends up sending bits of cash flying everywhere.

Additionally, the building charges US$50 (nonrefundable) for a spare card, so when we have houseguests, we end up playing all kinds of games to make sure everyone can get back in from wandering around.

I would love to copy the RFID element onto a keyfob like I have for the office, so I can just dig out my keychain - easy to find, easy to retrieve from a pocket - instead of a big flat card. Is this a service anyone offers, or is it something I can do on my own with the right equipment (preferably $50 of course)?

Re:Possible to duplicate RFID cards? (1)

Scytheford (958819) | more than 6 years ago | (#22937482)

Odds are in favour of the reader being strong enough to pick up the tag in your card from inside your wallet. Order your cards such that your key is on the outermost layer and you should just be able to fob your wallet across it just fine.

I wonder if this hack affects the flavour of RFID tags used in Brisbane's newly introduced Go-Card public transport ticketing system. I'd hope not.

Re:Possible to duplicate RFID cards? (4, Interesting)

langelgjm (860756) | more than 6 years ago | (#22937490)

I would love to copy the RFID element onto a keyfob like I have for the office, so I can just dig out my keychain - easy to find, easy to retrieve from a pocket - instead of a big flat card. Is this a service anyone offers, or is it something I can do on my own with the right equipment (preferably $50 of course)?

It depends on the card technology. Most stuff these days (transit passes, etc.) seem to be using 13.56 MHz equipment, but some low-security access applications still use the old 125 kHz technology. I don't really know anything about 13.56 MHz equipment. As for 125 kHz stuff, it's trivial to read the data from the card, and there are a lot of RFID kits out there that will let you write data to cards. I am specifically looking at this kit [sonmicro.com] for writing to 125 kHz cards.

First thing you'd need to do is to find out what kind of reader it is - get the brand name, go to the website, and find the model that looks like your reader. Check the datasheet to find out what kind of cards it reads, etc. That'll get you started. All that said, it'll probably be a lot simpler (and for one or two cards, cheaper) just to buy them :-)

Re:Possible to duplicate RFID cards? (1)

raju1kabir (251972) | more than 6 years ago | (#22937628)

Looks like it's this one - HID Thinline 2 [hidcorp.com] - which is 125kHz.

You're probably right about it being cheaper to just pony up for a spare card, but I do have a masochistic urge to embark on elaborate and expensive projects.

If the SonMicro kit at US$96 will write to these cards then that looks interesting. Though on their forum I see something about needing "credits" to program cards, and after every so many write operations you have to go back and get more credits from SonMicro or you go read-only. That seems like a downer. Perhaps I am misreading things.
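Added example (not code from anyone in this thread): what a 125 kHz HID Prox card like the one the reader above accepts actually hands over. The credential is a static number in the 26-bit H10301 Wiegand layout: a leading even-parity bit over the first 12 data bits, an 8-bit facility code, a 16-bit card number, and a trailing odd-parity bit over the last 12 data bits. Nothing is challenged and nothing is keyed, so replaying those 26 bits is a complete clone; the two parity bits are the only integrity check. The layout is the public H10301 format; the facility code and card number used below are constructed sample values.

```python
# Added example, not from the thread: encode/decode the 26-bit HID H10301
# Wiegand frame a 125 kHz Prox reader receives. Sample values are made up.

FC_BITS, CN_BITS = 8, 16
TOTAL_BITS = 2 + FC_BITS + CN_BITS  # 26: parity, facility, card number, parity


def parity(value: int, width: int) -> int:
    """1 if the low `width` bits of value contain an odd number of ones."""
    return bin(value & ((1 << width) - 1)).count("1") & 1


def encode_h10301(facility: int, card: int) -> int:
    """Build the 26-bit frame as an integer, leading parity bit as the MSB."""
    if not 0 <= facility < (1 << FC_BITS) or not 0 <= card < (1 << CN_BITS):
        raise ValueError("facility code or card number out of range")
    data = (facility << CN_BITS) | card   # the 24 data bits
    left = parity(data >> 12, 12)         # even parity over the first 12 data bits
    right = parity(data, 12) ^ 1          # odd parity over the last 12 data bits
    return (left << (TOTAL_BITS - 1)) | (data << 1) | right


def decode_h10301(frame: int):
    """Return (facility, card), or None when the frame is oversized or a
    parity check fails. This is all the integrity checking a reader does."""
    if frame < 0 or frame >> TOTAL_BITS:
        return None
    left = (frame >> (TOTAL_BITS - 1)) & 1
    right = frame & 1
    data = (frame >> 1) & ((1 << (FC_BITS + CN_BITS)) - 1)
    if parity((data >> 12) | (left << 12), 13) != 0:      # 13 bits must be even
        return None
    if parity((data & 0xFFF) | (right << 12), 13) != 1:   # 13 bits must be odd
        return None
    return data >> CN_BITS, data & ((1 << CN_BITS) - 1)


def frame_to_bits(frame: int) -> str:
    """The frame as it appears on the reader's D0/D1 lines, MSB first."""
    return format(frame, f"0{TOTAL_BITS}b")


def bits_to_frame(bits: str) -> int:
    """Parse a sniffed 26-character bit string back into a frame."""
    if len(bits) != TOTAL_BITS or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 26 bits of 0/1")
    return int(bits, 2)


if __name__ == "__main__":
    frame = encode_h10301(10, 1234)   # constructed facility code and card number
    print("on the wire:", frame_to_bits(frame))
    print("decoded    :", decode_h10301(frame))
    print("bit flipped:", decode_h10301(frame ^ (1 << 5)))
```

The takeaway for the cloning question is that the bit string printed first is the entire secret: anyone who captures it at the reader's cable, or reads it from the card, can replay it, and the parity bits only catch accidental single-bit errors.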

Re:Possible to duplicate RFID cards? (1)

langelgjm (860756) | more than 6 years ago | (#22937710)

Hm, I'm glad you pointed that out, about the credits, I hadn't noticed that. Also, I am not sure if that kit is compatible with HID equipment (there's something about that in the forums, too).

They use HID equipment where I am, and while I don't really care about reading/writing to our HID cards, I do need to find out if HID readers can read other brand cards (e.g. Atmel, etc). It may be the case they cannot, which would mean we are out of luck :-(

Re:Possible to duplicate RFID cards? (1)

lililalancia (752496) | more than 6 years ago | (#22938484)

http://rfidiot.org/ [rfidiot.org]

downplaying the white elephant (3, Insightful)

SuperBanana (662181) | more than 6 years ago | (#22937398)

NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.

...except that more than half of the world's largest transit systems use MiFare Classic- they're all truly fucked, and it wouldn't surprise me if the mafia are already cloning/selling counterfeit cards, especially in Asia. Also, apparently in some countries MiFare Classic cards are as prevalent as HID Proxcards are in the US for building access.

Also, for those of you claiming read distance is enough protection- sure, the reader on the bus can only read your card at an inch or two. Well, see- there are commercial solutions that can do much more. HID, for example, makes a one-foot-square reader capable of reading proximity cards at a distance of over a foot, sometimes almost two feet. Antenna size (for receiving the card response) and power levels (for energizing the card) are all that matter here, really.

Now, think about how close you get to people as you board a bus and grab a seat at the back- how many pocketbooks and wallets you can easily come within a foot (or less.) Now think about how big an antenna you could put in a bookbag or briefcase...

Re:downplaying the white elephant (3, Informative)

moderatorrater (1095745) | more than 6 years ago | (#22937734)

Antenna size (for receiving the card response) and power levels (for energizing the card) are all that matter here, really.
Let's not forget physics. The amount of power that it takes to energize a card goes up by a power of 3 as you double the range. The same can be said for the signal put out by the RFID card. Building a better antenna for reading the card will decrease the required signal strength linearly. I don't see any reason you couldn't use a directional dish to send and receive the signals for the RFID card, but it's a little harder to hide a satellite dish, and it'll only send in one direction, meaning you can't really do a passive long-distance reader with that method.

So, increasing the distance isn't as trivial as you seem to imply. Getting it to a few feet is probably doable without attracting a lot of attention, but getting it to more than ten feet doesn't sound plausible at all.

Re:downplaying the white elephant (1)

thorndt (814642) | more than 6 years ago | (#22938198)

Satellite dish? Try a phased array. Think small flat panel antenna with directional gain like a satellite dish.

Behold -- science. (4, Funny)

jesdynf (42915) | more than 6 years ago | (#22937636)

That's right. Science. We have reached the point where we might have to send a technician out to do a firmware update on *a crate of soup*.

"Oh, no, sonny. That there pallet's running v1.47a -- the cyberinjuns cracked that dekacycles ago. Hardly know what's in there now. Could be tomato, could be chicken noodle. Send that back on the factory. We'll get you some nice v1.49 soup out here. Won't be half a cycle."

Forget the soup... (2, Funny)

Smarty_Pantz (1178345) | more than 6 years ago | (#22937826)

Forget the soup!

Can they read the chip on my shoulder?

Some insider info... (0)

Anonymous Coward | more than 6 years ago | (#22937726)

I used to work for a large company that deals with transit smart card applications (including Mifare Classic) and despite the other flaws in the system one thing they did do was encryption on the updated buffer they sent back to the card if they thought the card encryption was too weak. So not only do you have the card encryption, you also have encryption of the data going onto the card and keyed secure hashes to ensure it hadn't been modified by a 3rd party even if the other 2 layers of encryption were broken.

Can't speak for other manufacturers, but ours were secured up the ying-yang.
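Added example, not the poster's or their former employer's code: one way to build the "keyed secure hash" layer described above, so that a forged balance fails at the reader even once Crypto1 is gone. The record layout (balance plus monotonic counter in one 16-byte block), the per-card key derivation from the UID, the truncated 8-byte HMAC and the demo system key are all assumptions for illustration; the confidentiality layer the poster also mentions is left out since the integrity check is the interesting part. The caveat is in the last function: a MAC bound to the UID stops blocks being copied onto a different card, but an exact clone (same UID, same blocks) still verifies, which is why the back end has to track counters.

```python
# Added example, not from the comment above: HMAC-sealed card records with
# a per-UID key and a counter. Constructed keys and UIDs; not real card data.
import hashlib
import hmac
import struct

# Constructed demo key. A real system keeps this in the reader's SAM/HSM.
SYSTEM_KEY = bytes(range(32))


def derive_card_key(system_key: bytes, uid: bytes) -> bytes:
    """Per-card key, so blocks lifted from one UID do not verify on another."""
    return hmac.new(system_key, b"card-key|" + uid, hashlib.sha256).digest()


def seal_record(system_key: bytes, uid: bytes, balance_cents: int, counter: int) -> bytes:
    """Pack balance (signed 32-bit) and counter (unsigned 32-bit) into one
    16-byte block: 8 bytes of fields plus an 8-byte truncated HMAC over
    UID and fields. Truncation to 8 bytes is an assumption to fit the block."""
    body = struct.pack(">iI", balance_cents, counter)
    key = derive_card_key(system_key, uid)
    tag = hmac.new(key, uid + body, hashlib.sha256).digest()[:8]
    return body + tag


def open_record(system_key: bytes, uid: bytes, block: bytes):
    """Return (balance_cents, counter) if the block verifies for this UID,
    otherwise None. Constant-time comparison avoids leaking the tag."""
    if len(block) != 16:
        return None
    body, tag = block[:8], block[8:]
    key = derive_card_key(system_key, uid)
    expected = hmac.new(key, uid + body, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        return None
    return struct.unpack(">iI", body)


class CounterRegistry:
    """Back-end view of the highest counter accepted per UID. Two physical
    cards carrying the same UID and the same sealed block are caught here,
    not by the MAC, because the MAC cannot tell a clone from the original."""

    def __init__(self):
        self.last = {}

    def accept(self, uid: bytes, counter: int) -> bool:
        if counter <= self.last.get(uid, -1):
            return False
        self.last[uid] = counter
        return True


if __name__ == "__main__":
    uid = bytes.fromhex("04A1B2C3")  # constructed 4-byte UID
    block = seal_record(SYSTEM_KEY, uid, 1500, 7)
    print("genuine   :", open_record(SYSTEM_KEY, uid, block))
    tampered = bytes([block[3] ^ 0x10]) + block[1:] if False else block[:3] + bytes([block[3] ^ 0x10]) + block[4:]
    print("tampered  :", open_record(SYSTEM_KEY, uid, tampered))
    print("other UID :", open_record(SYSTEM_KEY, bytes.fromhex("04DEADBE"), block))
    reg = CounterRegistry()
    print("first use :", reg.accept(uid, 7), " clone replay:", reg.accept(uid, 7))
```

Note what this does and does not buy: editing the balance on the card or moving the block to another card fails, but a bit-for-bit copy of a whole card is indistinguishable from the original at the reader, so the counter check only works if readers report back to a central registry promptly.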

hardhack (2, Interesting)

joeflies (529536) | more than 6 years ago | (#22937772)

Although the eetimes article in the link says the encryption was broken easily, the way they developed the attack does not seem to be easy in any sense of the word. They analyzed the chip [computerworld.com] using high powered microscopes and slicing off layers to analyze the gates involved in the encryption. If that's considered "easy", then I'd sure like to see what eetimes considers "hard".

Re:hardhack (0)

Anonymous Coward | more than 6 years ago | (#22938072)

Automated electron microscope reverse engineering of large integrated circuits.

Re:hardhack (1)

Tensor (102132) | more than 6 years ago | (#22938518)

OMFG ... that was an easy hack??? This is now recategorized as an awesome hi-tech hack. Thanks, I hadn't really bothered to RTFA as it was quite short (yeah, the irony) and thought it was basically the same as the writeup.

Security Idea (1)

Idiomatick (976696) | more than 6 years ago | (#22937804)

Why not disallow hammering? I mean have the chip block attempts more than once per 30 seconds. In a bus pass system I cannot see this being a problem. Or better yet, have it beep when it gets read. I'd love to see someone trolling for a pass and 60 people's cards beep. This of course would solve the pass system only, not shipping or w/e, but they don't use it in a security intensive system (usually).

Re:Security Idea (0)

Anonymous Coward | more than 6 years ago | (#22939122)

This leaves them vulnerable to a DOS attack instead :-) Imagine the chaos that could be caused by somebody reading every card at the entrance to a busy London underground station.... That would (literally) bring traffic to a stop.

And as for making them beep: That takes battery power. And they need to beep loud enough to be heard from inside your pocket while a train is thundering past. Don't think that will work.

Please go back to square 1.

They broke Philips/NXP CRYPTO1 (4, Informative)

bigberk (547360) | more than 6 years ago | (#22938368)

To clarify a few things. First of all this has been known for a few months. The earliest mention I saw was December 29, 2007: MiFare's CRYPTO1 algorithm mostly reverse-engineered [cryptanalysis.eu] . More information, including a slide show, is presented in this January 1, 2008 post: Mifare crypto1 RFID completely broken [hackaday.com]

Quick background: NXP (Philips) creates a line of smart cards called "Mifare" based on proprietary protocols, including the CRYPTO1 cipher (undocumented, proprietary). There are a lot of Mifare cards deployed, and there is a huge element of security through obscurity especially if you rely on proprietary protocols, such as CRYPTO1 algorithm.

This research, as linked above (and posted in this slashdot article... old news) shows that CRYPTO1 stream cipher is horribly broken, based on a terribly insufficient random number generator. Besides busting this example of security through obscurity, the target technology is actually deployed in a very wide range of uses. Meaning, this attack has many real world consequences.
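Added example, not code from bigberk or from the linked research: a model of the weak nonce generator the comment above refers to. The tag's nonce comes from a 16-bit LFSR with feedback polynomial x^16 + x^14 + x^13 + x^11 + 1, as published in the 2008 academic analyses of the card; how those output bits are ordered into the 32-bit nonce is an assumption of this model, and the structural result does not depend on it. The point the code makes: a 32-bit nonce built from a 16-bit state has at most 65535 distinct values, its upper half is a pure function of its lower half, and every later nonce is predictable from one observed nonce plus a tick count, which on the real card is just the time since power-up.

```python
# Added example, not from the article or any commenter: a model of the
# Mifare Classic tag nonce LFSR. Polynomial x^16 + x^14 + x^13 + x^11 + 1
# from the published analyses; the nonce bit ordering is an assumption.

# Fibonacci-form taps from the polynomial: x^16 -> bit 0, x^14 -> bit 2,
# x^13 -> bit 3, x^11 -> bit 5 (bit k is x^(16-k)).
TAPS = (0, 2, 3, 5)
STATE_BITS = 16
NONCE_BITS = 32


def lfsr_step(state: int) -> tuple:
    """Clock the LFSR once. Returns (output bit, next state)."""
    out = state & 1
    feedback = 0
    for tap in TAPS:
        feedback ^= (state >> tap) & 1
    nxt = (state >> 1) | (feedback << (STATE_BITS - 1))
    return out, nxt


def state_after(state: int, clocks: int) -> int:
    """State after `clocks` ticks; the card ticks continuously once powered."""
    for _ in range(clocks):
        _, state = lfsr_step(state)
    return state


def nonce_from_state(state: int) -> int:
    """Emit 32 successive output bits (LSB first) as the 32-bit nonce."""
    nonce = 0
    for i in range(NONCE_BITS):
        bit, state = lfsr_step(state)
        nonce |= bit << i
    return nonce


def predict_nonce(observed_nonce: int) -> int:
    """Recover the whole nonce from its low 16 bits. The first 16 output
    bits of a Fibonacci LFSR are its state, so the upper half adds nothing."""
    return nonce_from_state(observed_nonce & 0xFFFF)


def next_nonce(observed_nonce: int, clocks: int) -> int:
    """Nonce the tag will emit `clocks` ticks after the observed one."""
    return nonce_from_state(state_after(observed_nonce & 0xFFFF, clocks))


def orbit_size(seed: int) -> int:
    """Distinct states (hence distinct nonces) reachable from a seed before
    the sequence repeats. Bounded by 2**16 - 1 whatever the bit ordering."""
    state = seed
    count = 0
    while True:
        _, state = lfsr_step(state)
        count += 1
        if state == seed:
            return count


if __name__ == "__main__":
    seed = 0x1234  # constructed seed for the demo
    n = nonce_from_state(seed)
    print(f"observed nonce : {n:08x}")
    print(f"from low half  : {predict_nonce(n):08x}")
    print(f"one tick later : {next_nonce(n, 1):08x}")
    print(f"nonce space    : {orbit_size(seed)} values, versus 2**32 expected")
```

This is what "insufficient random number generator" means in practice: an attacker who captures one nonce can both enumerate every nonce the tag can produce and time a later request to land on a chosen one, which removes the freshness the challenge was supposed to provide.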

Dupe: I wonder how actual this is.... (1)

thrill12 (711899) | more than 6 years ago | (#22938414)

...because the crack was already done a few [computerworld.com] months [contactlessnews.com] ago - I think the referred article only just picked it up [virginia.edu]

Mifare card cracked !! (2, Informative)

MSDev (731832) | more than 6 years ago | (#22939104)

The announcement of a new stronger card format for Mifare cards didn't come as much of a surprise after they announced that Mifare was 'crackable'. However, the demo and explanation of how they cracked it is somewhat dubious. What I mean by this is that the cards have several data size formats but each card has a number of data sectors with read write keys. These keys can be the same or they can differ i.e. one RW pair for each memory block. They've cracked one sector with one RW key, but not all. Thus cloning cards will still be near impossible - yes I know this is relative in computing terms.
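Added example, not MSDev's code or NXP's: a decoder for the per-sector keys and access conditions being discussed. On a Mifare Classic each sector ends in a 16-byte trailer holding key A, four access bytes and key B; the access bytes carry three bits per block in both plain and inverted form, and the meaning of each 3-bit code below follows NXP's public datasheet for the chip. The code flags two things a practitioner checks in a dump: keys still set to well-known defaults, and a trailer configuration that lets key A read key B, which makes key B no protection at all. The trailer bytes in the demo are constructed, not dumps from a real card.

```python
# Added example, not from the thread: decode a Mifare Classic sector trailer
# (key A | access bits | user byte | key B) and flag weak settings.
# Access-bit encoding and permission tables per NXP's public datasheet;
# sample trailers below are constructed.

DEFAULT_KEYS = {
    bytes.fromhex("FFFFFFFFFFFF"): "factory default",
    bytes.fromhex("A0A1A2A3A4A5"): "NXP transport key A",
    bytes.fromhex("B0B1B2B3B4B5"): "NXP transport key B",
}

# Data blocks, keyed by C1C2C3: (read, write, increment, decrement/transfer/restore)
DATA_BLOCK_RULES = {
    0b000: ("A|B", "A|B", "A|B", "A|B"),
    0b010: ("A|B", "never", "never", "never"),
    0b100: ("A|B", "B", "never", "never"),
    0b110: ("A|B", "B", "B", "A|B"),
    0b001: ("A|B", "never", "never", "A|B"),
    0b011: ("B", "B", "never", "never"),
    0b101: ("B", "never", "never", "never"),
    0b111: ("never", "never", "never", "never"),
}

# Sector trailer, keyed by C1C2C3:
# (key A read, key A write, access bits read, access bits write, key B read, key B write)
TRAILER_RULES = {
    0b000: ("never", "A", "A", "never", "A", "A"),
    0b010: ("never", "never", "A", "never", "A", "never"),
    0b100: ("never", "B", "A|B", "never", "never", "B"),
    0b110: ("never", "never", "A|B", "never", "never", "never"),
    0b001: ("never", "A", "A", "A", "A", "A"),
    0b011: ("never", "B", "A|B", "B", "never", "B"),
    0b101: ("never", "never", "A|B", "B", "never", "never"),
    0b111: ("never", "never", "A|B", "never", "never", "never"),
}


def _inv(nibble: int) -> int:
    return ~nibble & 0xF


def encode_access_bits(c1: int, c2: int, c3: int) -> bytes:
    """Pack the C1/C2/C3 nibbles (bit i belongs to block i) into trailer
    bytes 6..8: byte 6 = ~C2|~C1, byte 7 = C1|~C3, byte 8 = C3|C2."""
    return bytes([(_inv(c2) << 4) | _inv(c1), (c1 << 4) | _inv(c3), (c3 << 4) | c2])


def decode_access_bits(access: bytes) -> tuple:
    """Unpack trailer bytes 6..8 into (C1, C2, C3), checking the inverted
    copies. A trailer written with inconsistent access bits leaves its
    sector unusable, so a mismatch in a dump means corruption."""
    b6, b7, b8 = access[0], access[1], access[2]
    c1, c2, c3 = (b7 >> 4) & 0xF, b8 & 0xF, (b8 >> 4) & 0xF
    if _inv(b6 & 0xF) != c1 or _inv(b6 >> 4) != c2 or _inv(b7 & 0xF) != c3:
        raise ValueError("access bits fail their inverted-copy check")
    return c1, c2, c3


def analyze_trailer(trailer: bytes) -> dict:
    """Summarize one 16-byte sector trailer and list weak settings."""
    if len(trailer) != 16:
        raise ValueError("a sector trailer is exactly 16 bytes")
    key_a, access, key_b = trailer[:6], trailer[6:9], trailer[10:16]
    c1, c2, c3 = decode_access_bits(access)
    codes = [(((c1 >> b) & 1) << 2) | (((c2 >> b) & 1) << 1) | ((c3 >> b) & 1)
             for b in range(4)]
    findings = []
    for name, key in (("key A", key_a), ("key B", key_b)):
        if key in DEFAULT_KEYS:
            findings.append(f"{name} is a well-known key ({DEFAULT_KEYS[key]})")
    trailer_rule = TRAILER_RULES[codes[3]]
    if trailer_rule[4] != "never":
        findings.append("key B is readable with key A, so it adds no protection")
    return {
        "key_a": key_a.hex().upper(),
        "key_b": key_b.hex().upper(),
        "codes": codes,
        "data_blocks": [DATA_BLOCK_RULES[c] for c in codes[:3]],
        "trailer": trailer_rule,
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed: a sector still in NXP's transport configuration (FF 07 80 69).
    fresh = bytes.fromhex("FFFFFFFFFFFF" "FF078069" "FFFFFFFFFFFF")
    for finding in analyze_trailer(fresh)["findings"]:
        print("-", finding)
```

Whether a dump shows one sector or sixteen, the access bits are enforced only by the card's authentication, and every sector key is still a 48-bit Crypto1 key; what this decoder tells you is how much an issuer was relying on those bits in the first place.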

Re:Mifare card cracked !! (1)

swillden (191260) | more than 6 years ago | (#22940060)

The announcement of a new stronger card format for Mifare cards didnt come as much of a supprise after they announced that mifare was 'crackable'.

It also didn't come after the announcement of the crack. More secure cards using open, standard and well-proven algorithms like RSA and AES have been on the market, including from NXP, for years.

oooo sweet (0)

Anonymous Coward | more than 6 years ago | (#22939490)

I can't wait until the RFID systems in place for government issued passes and such are cracked, too.

Destroy their usefulness... ALL OF THEM.