Monday, March 17, 2008

Security Card Hacking Fun

This YouTube video demonstrates a possible security card hacking procedure.



The background story is given on a page at the Radboud University Nijmegen website.

On March 7, 2008, research by the Digital Security group has revealed a security vulnerability in Mifare Classic RFID chips, the most commonly used type of RFID chip worldwide, that affects many applications using Mifare Classic.
We have demonstrated that the proprietary CRYPTO1 encryption algorithm used on these cards allows the (48 bit) cryptographic keys to be relatively easily retrieved. Especially for RFID applications where the same common shared key is used on all RFID cards and card readers, which may be the case for instance in access control to buildings, this constitutes a serious risk.

This attack recovers the secret key from the MIFARE reader. To mount the attack we first need to gather a modest amount of data from a genuine reader. With this data we can compute, off-line, the secret key. Recovering the secret key is as efficient as a look-up operation on a table. Our attack is much more efficient than an exhaustive search over the whole 48 bit key space. We have implemented and executed this attack in practice, and managed to recover the secret key within minutes.
The movie below shows a demonstration of the attack on the access control system for our university building.


It should be noted that a more complex strategy would be needed if multiple authorizations are required, or even if the reader is in a place that is under surveillance - in the real world, anyone who walked up to a card reader with an open laptop computer would be subject to questioning.

After a press release was issued, the Dutch government issued a response. However, the response was issued in encrypted form - namely, in Dutch.

Inhoud pagina: Veel chips in (toegangs)passen te kraken
12 maart 2008
BestandenDe Radboud Universiteit Nijmegen heeft minister Ter Horst zeer recent laten weten dat in het kader van beveiligingsonderzoek naar de OV-chipkaart een methode is ontwikkeld waarmee een groot aantal chipkaarten relatief eenvoudig te kraken en te dupliceren is.

Het gaat hier om alle (toegangs-)passen waarin de zogenaamde Mifare Classic-chip is verwerkt zonder additionele beveiligingsmaatregelen (zoals bij de OV-chipkaart wel het geval is).

Met deze brief stelt de minister de Tweede Kamer op de hoogte over de bevindingen van de Radboud Universiteit Nijmegen.


Enter Babelfish:

In (toegangs)passen many chips to crack
12 March 2008

FilesThe Radboud university nijmegen minister Ter horst know has let very recent that within the framework of beveiligingsonderzoek to Ov-chipkaart have been developed the method with which a large number of is relatively simply chip cards to crack and at dupliceren.

It concerns here all (toegangs-)passen in which the so-called Mifare Classic-chip have been processed without additional beveiligingsmaatregelen (as at Ov-chipkaart are the, however, case).

With this letter the minister the House of Commons concerning the findings of the Radboud informs university nijmegen.


Also see the MIFARE Classic page from NXP Semiconductors.
