Mifare RFID tags reverse engineered


in Geek stuff, Security

I have written before about security weaknesses in pin-and-tumbler mechanical locks. I suggested that electronic token based systems have a greater capacity to be secure, since they do not rely upon mechanical parts that can be manipulated.

Of course, poorly designed electronic systems can also be breached easily. That was demonstrated in September, in relation to the KeeLoq system used for keyless entry in many cars. Now, another brand (Mifare) of RFID tags have been reverse engineered and found wanting. As is usually the case on matters of physical security, I saw this story first on blackbag.

{ 13 comments… read them below or add one }

R.K. January 7, 2008 at 11:36 am

Apparently, these are the kind of RFID tags used by the Oyster cards on the London Underground.

Expect people to start selling cloned or otherwise fradulent cards pretty soon…

R.K. January 7, 2008 at 11:40 am
R.K. January 7, 2008 at 11:41 am

The Oyster card is a contactless smartcard, with a claimed proximity range of about 8 cm (3 inches). The scheme is operated by TranSys, and is based on Philips’ MIFARE Standard 1k chips provided by G&D and SchlumbergerSema.

letsee January 10, 2008 at 5:06 am

So does that mean I will be able to ride the tube for free soon? Wow if this is the case tons of hackers are now working on cracking the mifare algorithim!! I mean it is done is china and taiwan right? so why not in london!! guess it is time for the migration back to cash :))

Milan January 10, 2008 at 8:57 am


A lot depends on how the Oyster system is designed. It may be that the MIFARE cards are flawed but the system remains secure, or mostly secure.

No doubt, people are already investigating it.

. January 21, 2008 at 1:02 pm

Dutch RFID Transit Card Hacked

By schneier

The Dutch RFID public transit card, which has already cost the government $2B — no, that’s not a typo — has been hacked even before it has been deployed.

. March 12, 2008 at 9:19 am
. March 12, 2008 at 9:20 am

This concerns all (access control)cards containing the so called ‘mifare classic-chip.’

We guess around two million access control cards are in use in the Netherlands, worldwide we assume two billion.

. March 14, 2008 at 9:52 am

London Tube Smartcard Cracked

Looks like lousy cryptography.

Details here. When will people learn not to invent their own crypto?

Note that this is the same card — maybe a different version — that was used in the Dutch transit system, and was hacked back in January. There’s another hack of that system (press release here, and a video demo), and many companies — and government agencies — are scrambling in the wake of all these revelations.

. July 21, 2008 at 12:33 pm

Oyster card hack to be published

In Technology

A Dutch judge rules that details of how to copy Oyster cards can be published.

. July 25, 2008 at 10:27 am

Hacked Oyster Card System Crashes Again

By kdawson on no-pearls-in-sight

Barence sends along PcPro coverage of the second crash of London’s Oyster card billing system in two weeks. Transport for London was forced to open the gates and allow free travel for all. “There is currently a technical problem with Oyster readers at London Underground stations which is affecting Oyster pay as you go cards only,” explains the TfL website. This follows the first crash two weeks ago, which left 65,000 Oyster cards permanently corrupted. Speculation is increasing that the crashes may be related to the hacking of the Oyster card system by Dutch researchers from Radboud University, though TfL denies any link. Plans to publish details of the hack were briefly halted when the makers of the chip used in the system sued the group, although a judge ruled earlier this week that the researchers could go ahead. During the court action, details briefly leaked on website Wikileaks.

. August 30, 2008 at 12:10 pm

Credit-card companies killed Mythbusters segment on RFID vulnerabilities

By Cory Doctorow on Gadgets

Check out the first two minutes of this clip of Mythbusters’ Adam Savage telling the folks at the HOPE hackercon about how the Discovery Channel was bullied by big credit-card companies out of airing a program about how crappy the security in RFID tags is. Arphid Watch: Mythbusters and RFID

. October 10, 2011 at 8:47 pm

The long-running security battle has seesawed against RFID cards, as German researchers revealed a way to clone one type of card currently used for a variety of purposes, from transit fares to opening doors in NASA facilities.” According to the article, “NXP Semiconductors, which owns Mifare, put out an alert to customers warning that the security had been cracked on its MIFARE DESFire (MF3ICD40) smartcard but saying that model would be discontinued by the end of the year and encouraging customers to upgrade to the EV1 version of the card.” This response may sound familiar.

Leave a Comment

{ 3 trackbacks }

Previous post:

Next post: