« Bacteria-fuelled imagination
HVDC transmission for renewable energy »

Mifare RFID tags reverse engineered

I have written before about security weaknesses in pin-and-tumbler mechanical locks. I suggested that electronic token based systems have a greater capacity to be secure, since they do not rely upon mechanical parts that can be manipulated.

Of course, poorly designed electronic systems can also be breached easily. That was demonstrated in September, in relation to the KeeLoq system used for keyless entry in many cars. Now, another brand (Mifare) of RFID tags have been reverse engineered and found wanting. As is usually the case on matters of physical security, I saw this story first on blackbag.

This entry was posted on Sunday, January 6th, 2008 at 6:54 pm and is filed under Geek stuff, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

12 Responses to “Mifare RFID tags reverse engineered”

  1. R.K. Says:
    January 7th, 2008 at 11:36 am

    Apparently, these are the kind of RFID tags used by the Oyster cards on the London Underground.

    Expect people to start selling cloned or otherwise fradulent cards pretty soon…

  2. R.K. Says:
    January 7th, 2008 at 11:40 am

    Oyster card

  3. R.K. Says:
    January 7th, 2008 at 11:41 am

    The Oyster card is a contactless smartcard, with a claimed proximity range of about 8 cm (3 inches). The scheme is operated by TranSys, and is based on Philips’ MIFARE Standard 1k chips provided by G&D and SchlumbergerSema.

  4. letsee Says:
    January 10th, 2008 at 5:06 am

    So does that mean I will be able to ride the tube for free soon? Wow if this is the case tons of hackers are now working on cracking the mifare algorithim!! I mean it is done is china and taiwan right? so why not in london!! guess it is time for the migration back to cash :))

  5. Milan Says:
    January 10th, 2008 at 8:57 am

    letsee,

    A lot depends on how the Oyster system is designed. It may be that the MIFARE cards are flawed but the system remains secure, or mostly secure.

    No doubt, people are already investigating it.

  6. . Says:
    January 21st, 2008 at 1:02 pm

    Dutch RFID Transit Card Hacked

    By schneier

    The Dutch RFID public transit card, which has already cost the government $2B — no, that’s not a typo — has been hacked even before it has been deployed.

  7. a sibilant intake of breath » Blog Archive » Mastercard and RFID Says:
    January 24th, 2008 at 6:18 pm

    [...] Mifare RFID tags reverse engineered [...]

  8. . Says:
    March 12th, 2008 at 9:19 am

    Mifare now fully broken

  9. . Says:
    March 12th, 2008 at 9:20 am

    This concerns all (access control)cards containing the so called ‘mifare classic-chip.’

    We guess around two million access control cards are in use in the Netherlands, worldwide we assume two billion.

  10. . Says:
    March 14th, 2008 at 9:52 am

    London Tube Smartcard Cracked

    Looks like lousy cryptography.

    Details here. When will people learn not to invent their own crypto?

    Note that this is the same card — maybe a different version — that was used in the Dutch transit system, and was hacked back in January. There’s another hack of that system (press release here, and a video demo), and many companies — and government agencies — are scrambling in the wake of all these revelations.

  11. a sibilant intake of breath » Blog Archive » Oyster cards cracked Says:
    March 14th, 2008 at 10:02 am

    [...] while ago, I posted on how the Mifare RFID system had been reverse-engineered. Now, it seems that the Oyster Cards used in the London Underground have been cracked. Painstaking [...]

  12. . Says:
    July 21st, 2008 at 12:33 pm

    Oyster card hack to be published

    In Technology

    A Dutch judge rules that details of how to copy Oyster cards can be published.

Leave a Reply