
German Researchers Crack Mifare RFID Encryption

jfruhlinger writes "The long-running security battle has seesawed against RFID cards, as German researchers revealed a way to clone one type of card currently used for a variety of purposes, from transit fares to opening doors in NASA facilities." According to the article, "NXP Semiconductors, which owns Mifare, put out an alert to customers warning that the security had been cracked on its MIFARE DESFire (MF3ICD40) smartcard but saying that model would be discontinued by the end of the year and encouraging customers to upgrade to the EV1 version of the card." This response may sound familiar.

  • by Necroman ( 61604 ) on Monday October 10, 2011 @03:46PM (#37669140)

    Or they had a working solution and wanted to get something out the door to start making money. If creating a new solution only took a month, that's money in the eyes of business leaders that they would not be making. So they make the decision to sell now, then fix the problem later. Plus, as you said, it leads to upgrades.

    With something like the security of RFID cards, I would think that shipping with a possible security hole would be a pretty big deal. But it's hard to say why they would make such a decision (or how aware they were of the possibility of it being cracked).

  • by plover ( 150551 ) * on Monday October 10, 2011 @04:53PM (#37670358) Homepage Journal

    You only have to profile the architecture one time, which this team has already done. Any MIFARE system can now be cracked in 7 hours. Once the POS system's card is analyzed, they'd be able to crack the keys on your particular canteen in 7 hours. And even then, multiple keys is a big problem. If your canteen is operated by some big chain, and that big chain also runs my canteen, what are the chances they have the same keys? I'd bet lots of money on it.

    The core of the security problem is that because an implementation is hard and expensive, it's done infrequently. That means companies want to scale them up to drive down the unit costs of implementing them. Vendor X won't invent a new POS card for each client. Your food service company won't even deploy a separate key for each store.

    Crack once, steal anywhere. It's an implementation issue. And that's why selling cards vulnerable to side channel attacks is a recipe for failure.
