MifareClassic
Latest
Oyster Card RFID hack gets detailed
The vulnerability of cards based on the Mifare Classic RFID chip (like the Oyster Card used for the London Underground) has been known for some time now but, unsurprisingly, some pesky legal business has prevented the complete details from being published. That has now finally been cleared up, however, and Professor Bart Jacobs and his colleagues from Radboud University have promptly published their complete paper online. What's more, NXP Semiconductors, makers of the Mifare chip, are also now commenting on the matter, and saying that it never intended to completely stop publication of the research, but rather that it simply wanted to give customers time to update their systems. NXP's Steve Owen also adds that the company now doesn't "recommend the use of Mifare Classic for new installations," and that it's "working with customers to review their security." Those looking to dig in can find the paper at the link below and, in case you missed it the first time around, there's a video explaining the basics after the break.[Via BBC Click]
Oyster Cards vulnerable to RFID hack, lots of other systems too
Sure, it's fun to say that one billion RFID cards are now at risk due to the Mifare Classic's broken encryption, but it's another thing to comprehend how widespread the fallout could potentially be -- the London Underground's Oyster Card is based on the chip, for example. And that's just the tip of the iceberg: a new report says that the system can be broken in minutes using a typical PC -- check the video after the break for a demonstration. We've also listed all the other now-potentially-vulnerable Mifare RFID implementations we could find, but there's got to be more -- put 'em in comments!
One billion RFID cards vulnerable to hacks
Even as RFID tech grows more and more ubiquitous, fears about its safety and security haven't dwindled -- which is why we're just disappointed, not surprised, to learn that over 1 billion RFID cards based on the Mifare Classic RFID chip are now at risk. Two different teams of security researchers managed to crack the encryption on the cards, which form the basis of a national payment system in the Netherlands and are used widely in other applications around the world. With the encryption broken, hackers can now make perfect clones of the cards, spoiling all that radio-frequency fun. There's no word on how easy that actually is yet, however -- one of the two hacks will be demonstrated later this week, and the other is being kept secret -- but still, it might be time to go back to cash and bump-proof locks, eh?
