Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Technology / Security, Surveillance & Survival

Security, Surveillance & Survival

NXP RFID Encryption Scheme Defeated by University Hackers

The Mifare Classic family has weak encryption algorithms that have not been updated

By Bogdan Botezatu, Hardware Editor

1st of April 2008, 15:28 GMT

Adjust text size:


Stripped RFID card - chip detail
Enlarge picture
The RFID encryption scheme used in the chips manufactured by Philips Semiconductors spin-off NXP has been reportedly defeated by a group of security experts from the Chaos Computer Club (CCC) in a joint collaboration
with a team from the University of Virginia.

According to the report, the crackers not only could read encrypted data, but also they were able to perform additional operations, such as recharging payment cards, cloning RFID cards and even generating new users.

University of Virginia graduate student Karsten Nohl, along with several other colleagues, managed to intercept the data broadcasts from the RFID chips connected to average RFID readers. The chips were then dissected into thin layers, then analyzed with a custom-build optical recognition software application in order to outline the algorithms that generate the encryption keys.

The affected series of RFID tags is the Mifare Classic family, which is extremely popular on the market and, of course, is sold in large volume.

According to a spokesperson for the NXP Austria competence center, the built-in memory chip supports data storage capacities of between 1 to 4 KB. Despite its popularity, the NXP RFID tags are not as safe as their manufacturer claims, as the built-in proprietary 48-bit encoding scheme has not been updated in more than a decade.

The spokesperson claims that the company also ships other RFID chips with improved security algorithms, including Triple DES or AES. However, the manufacturer announced that it will inform its customers about the incident in due time, in order to avoid security breaches and exploitation of the card's security flaws among its customers.

"We will inform our customers about the incident", the spokesman said. "There are certainly applications for which the Classic can be used. We have not plans to withdraw the product from the market," he concluded.

More than that, the company outlined that the RFID chips in the Mifare Classic family are not intended for protecting security-critical data such as passports or electronic health cards.

TAGS:

 RFIDD | NXP | security | Mifare Classic


Rating:
Very Good (4.5/5) 6 vote(s) so far    

Read by 563 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Revolutionary Nokia Eco Mobile Phone Concept

Meet Nabaztag, The Rabbit That Brings The Whole Internet to Your Ears

Brando's Stysen E08: RFID, the Modern 'Open, Sesame!'

Sharkoon to Join the RFID Encryption Bandwagon

The Aegis Bio: the Fingerprint-Protected Vault

Getac's E100: the Tablet PC Version of Rambo

EZSecu EZ850: The Keypad-Enabled Hard-Disk Enclosure

Texas Instruments, MIT, Bring the 1000-Hour Cellphone

Mac OS X, Linux and Windows Vista Hack Fiesta

British Startup to Offer Self-Destructing Laptops

Credit Card Magnetic Strips Hacked!

Prestigio Data Safe II: the Fashionable USB HDD Enclosure

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive