Two research papers put the widely deployed MIFARE Classic chip cards at risk

Oct 7, 2008 12:06 GMT  ·  By

Monday marked a dark day for all organizations and institutions that rely on the MIFARE Classic RFID smart cards, as two separately released research papers describe how to hack and clone such cards in a matter of minutes. These cards are used across the globe for access to transit systems and institutions, both private and governmental.

The MIFARE Classic chips are produced by NXP Semiconductors and use a proprietary security protocol. NXP's official figures say that about 2 billion MIFARE Classic cards have been sold, but other estimates put the number at over 3 billion worldwide. Security researchers have been warning about a serious flaw in the security protocol employed by the MIFARE Classic since late last year, but companies have used legal action to try to keep various researchers from disclosing any information.

NXP sued the researchers from the Radboud University in Nijmegen, The Netherlands, in order to prevent them from publishing a paper on cloning MIFARE Classic chips. In July, a Dutch judge ruled against the company and allowed the researchers to publish their paper, which they eventually did, yesterday. The paper is called Dismantling MIFARE Classic and was presented during the European Symposium on Research in Computer Security (Esorics) 2008.

The paper demonstrates the cloning of an Oyster card used by the public transport services in London, as well as modifying the balance of this prepay card. A similar hack was devised by three MIT students for the Charlie Card used by the Boston subway system. They were planning to present their findings at the DEFCON hacking conference earlier this year. At that time, the Massachusetts Bay Transit Authority (MBTA) obtained a court order, which was later lifted, to prevent them from going public.

Also on Monday, Henryk Plötz, a Ph.D. student from the Humboldt University in Berlin, published his master's thesis, which fully analyzes the implementation of the encryption algorithm used in the MIFARE Classic. According to the paper, the chip's Crypto1 encryption scheme produces very weak output that can be used to determine the encryption key easily and with few resources.

Karsten Nohl, one of the security researchers who warned about the chip's security problems last year, thinks that, using the information provided by these two papers, the encryption on such RFID cards can be cracked by virtually anyone with a bit of technical knowledge. All that is necessary is a $100 RFID card reader, a computer with average resources and a few minutes.

With over 60 citywide implementations of these cards, the potential for financial fraud is massive, even though NXP Semiconductors states that these cards should not be used to secure access to important assets, buildings or restricted areas. The company points out that its MIFARE Plus chips, which use AES encryption, are more suitable for this purpose. Indeed, the strength of the AES algorithm is already proven; however, very few institutions have updated their cards.