Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
  Advanced Search 


March 14, 2008

Countless RFID Cards At Risk

RSS
Subscribe to Windows IT Pro | See More Security Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

Researchers have proved that cracking the cryptography of RFID cards that use Mifare Classic (Standard) integrated circuits (ICs) takes only a matter of seconds. Such cards are widely used around the world to control various types of access. The ICs were originally introduced in 1995.

In late February the Dutch government's TNO Information and Communications unit issued a warning report about the weakness of the ICs, which are used in RFID cards for access to public transportation. The warning stems from a presentation given by the Chaos Communication Club (CCC) in December 2007. During the presentation, CCC pointed out that the existence of severe weaknesses in Mifare Classic RFID card, made by NXP Semiconductors, an independent company and formerly a division of Royal Philips Electronics.

CCC's report led to further research and on March 10 "Karsten Nohl, a graduate student in the Department of Computer Science at the University of Virginia, released a report on his analysis of the cryptography used by the Mifare Classic ICs. The Dutch government had said that cracking the encryption would require $9,000 in hardware and hours of time. However, according to Nohl, a successful crack could be perfomed on a typical desktop PC in a matter of seconds.

Subsequently, the Digital Security Group (DSG) at Radboud Universiteit Nijmegen conducted further research that involved exploiting weaknesses in the encryption protocol. DSG was able to successfully retrieve cryptographic keys without the use of high-cost equipment. The researchers were then able to reproduce a copy of the card which could then be used at will. DSG published a video on YouTube (seen below) that demonstrates the ease of the attack. DSG also issued a press release about its work.

According to NXP, there are over 200 million Mifare Classic ICs in use around the world. However, a related story by the Associated Press claimed that "2 million cards in the Netherlands and a billion globally" use the ICs.

End of Article



Reader Comments

You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor? Register now




Top Viewed ArticlesView all articles
Battery Life Issues Almost Certainly Not Windows 7's Fault

While Microsoft is still investigating a notebook battery life issue that was supposedly caused by Windows 7, some interesting trends have emerged. ...

Confirmed: Battery Life Issues Not Windows 7's Fault

Microsoft on Monday issued a lengthy statement about the recent Windows 7 battery controversy, echoing my assessment from earlier in the day, but backing it up with hard, cold evidence. ...

Microsoft Warns of Windows Version Expirations

Microsoft warned that this year will see three out-of-date Windows versions slip into retirement. ...


Security Whitepapers Reducing the Costs and Risks of Branch Office Data Protection

Solving Desktop Management Challenges in Healthcare

Solving Desktop Management Challenges in Education

Related Events The Increasing Threat of Financially Motivated Data Theft

Introduction to Identity Lifecycle Manager "2"

SQL Server Security: How to Secure, Monitor & Audit Your Databases

Check out our list of Free Email Newsletters!

Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys

Related Security Resources Introducing Left-Brain.com, the online IT bookstore
Looking for books, CDs, toolkits, eBooks? Prime your mind at Left-Brain.com

Discover Windows IT Pro eLearning Series!
Clear & detailed technical information and helpful how-to's, all in our trademark no-nonsense format


Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro DevProConnections IT Job Hound
Left-Brain.com Technology Resource Directory asp.netPRO ITTV Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2010 Penton Media, Inc. Terms of Use | Privacy Statement