Serious RFID vulnerability discovered

Published 17 March 2008

Digital security researchers at a Dutch university discover a major security flaw in a popular RFID tag; the discovery can have serious commercial and national security implications; as important as the discovery itself is how the researchers handled the situation

RFID technology is gaining new adopters, and some governmental organizations are now developing policies to push for even faster adoption of the technology (see HSDW story). This story is not going to help that trend: a week ago, researchers and students of the Digital Security group at Radboud University Nijmegen discovered a serious security flaw in a widely used type of contactless smartcard, also called an RFID tag. It concerns the Mifare Classic RFID card produced by NXP (formerly Philips Semiconductors). Earlier, German researchers Karsten Nohl and Henryk Plötz had pointed out security weaknesses in these cards. Worldwide, around one billion of these cards have been sold. This type of card is used for the Dutch “ov-chipkaart” (the RFID card for public transport throughout the Netherlands) and for public transport systems in other countries (for instance, the subway in London and Hong Kong). Mifare cards are also widely used as company cards to control access to buildings and facilities. All this means that the flaw has a broad impact. Because some cards can be cloned, it is in principle possible to access buildings and facilities with a stolen identity. This has been demonstrated on an actual system. In many situations where these cards are used there will be additional security measures; it is advisable to strengthen these where possible.

The Digital Security group found weaknesses in the authentication mechanism of the Mifare Classic. In particular:

1. The workings of the CRYPTO1 encryption algorithm have been reconstructed in detail.

2. There is a relatively easy method to retrieve cryptographic keys, which does not rely on expensive equipment.

Combining these ingredients, the group succeeded in mounting an actual attack, in which a Mifare Classic access control card was successfully cloned. In situations where there are no additional security measures, this would allow unauthorized access by people with bad intentions.

Background

The Mifare Classic is a contactless smartcard developed in the mid-1990s. It is a memory card which offers some memory protection. The card is not programmable. The cryptographic operations it can perform are implemented in hardware, using a so-called linear feedback shift register (LFSR) and a “filter function.” The encryption algorithm this implements is a proprietary algorithm, CRYPTO1, which is a trade secret of NXP. The security of the card relies in part on the secrecy of the CRYPTO1 algorithm, an approach known as “security by obscurity.”
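To illustrate the LFSR-plus-filter construction described above, here is an added Python example (it is neither NXP's CRYPTO1 nor the researchers' code): a toy 16-bit LFSR with a constructed feedback polynomial and filter function, plus a Berlekamp-Massey check showing that the unfiltered register output is fully predictable from 2n keystream bits, so all of such a design's strength has to come from the filter function rather than from keeping the algorithm secret. The register size, taps, filter and key 0xACE1 are assumptions made for the example.

```python
"""Toy LFSR-plus-filter keystream generator in the style the article describes.

Constructed example: the polynomial, filter and key are stand-ins, NOT the real
CRYPTO1 taps or filter function.
"""
from typing import Callable, List

N = 16                    # register size (constructed for this example)
TAPS = (16, 14, 13, 11)   # x^16 + x^14 + x^13 + x^11 + 1 is primitive, so every
                          # non-zero state cycles through the full period 2^16 - 1

def keystream(key: int, nbits: int, filt: Callable[[List[int]], int]) -> List[int]:
    """Load `key` into the register, then emit filt(state) once per clock."""
    state = [(key >> i) & 1 for i in range(N)]
    if not any(state):
        raise ValueError("all-zero state produces a constant keystream")
    out = []
    for _ in range(nbits):
        out.append(filt(state))           # the filter reads the current state
        fb = 0
        for t in TAPS:                    # Fibonacci feedback: XOR of tapped stages
            fb ^= state[N - t]
        state.pop(0)
        state.append(fb)
    return out

def raw_filter(s: List[int]) -> int:
    return s[0]                           # no filter at all: plain LFSR output

def toy_filter(s: List[int]) -> int:
    return s[1] ^ s[6] ^ (s[3] & s[9])    # constructed non-linear filter function

def linear_complexity(bits: List[int]) -> int:
    """Berlekamp-Massey over GF(2): length of the shortest LFSR producing `bits`."""
    n = len(bits)
    c, b = [0] * n, [0] * n
    c[0] = b[0] = 1
    L, m = 0, -1
    for i in range(n):
        d = bits[i]                       # discrepancy between prediction and bit i
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t, shift = c[:], i - m
            for j in range(n - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L
```

Calling `linear_complexity(keystream(0xACE1, 64, raw_filter))` returns 16, the register size, from only 64 bits, while the same check on the filtered output returns a much larger value; that gap is all the filter function contributes.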

Mifare Classic cards are typically used for authentication.