Mifare RFID tags reverse engineered

I have written before about security weaknesses in pin-and-tumbler mechanical locks. I suggested that electronic token based systems have a greater capacity to be secure, since they do not rely upon mechanical parts that can be manipulated.

Of course, poorly designed electronic systems can also be breached easily. That was demonstrated in September, in relation to the KeeLoq system used for keyless entry in many cars. Now, another brand (Mifare) of RFID tags have been reverse engineered and found wanting. As is usually the case on matters of physical security, I saw this story first on blackbag.

Author: Milan

In the spring of 2005, I graduated from the University of British Columbia with a degree in International Relations and a general focus in the area of environmental politics. In the fall of 2005, I began reading for an M.Phil in IR at Wadham College, Oxford. Outside school, I am very interested in photography, writing, and the outdoors. I am writing this blog to keep in touch with friends and family around the world, provide a more personal view of graduate student life in Oxford, and pass on some lessons I've learned here.

16 thoughts on “Mifare RFID tags reverse engineered”

  1. Apparently, these are the kind of RFID tags used by the Oyster cards on the London Underground.

    Expect people to start selling cloned or otherwise fradulent cards pretty soon…

  2. The Oyster card is a contactless smartcard, with a claimed proximity range of about 8 cm (3 inches). The scheme is operated by TranSys, and is based on Philips’ MIFARE Standard 1k chips provided by G&D and SchlumbergerSema.

  3. So does that mean I will be able to ride the tube for free soon? Wow if this is the case tons of hackers are now working on cracking the mifare algorithim!! I mean it is done is china and taiwan right? so why not in london!! guess it is time for the migration back to cash :))

  4. letsee,

    A lot depends on how the Oyster system is designed. It may be that the MIFARE cards are flawed but the system remains secure, or mostly secure.

    No doubt, people are already investigating it.

  5. This concerns all (access control)cards containing the so called ‘mifare classic-chip.’

    We guess around two million access control cards are in use in the Netherlands, worldwide we assume two billion.

  6. London Tube Smartcard Cracked

    Looks like lousy cryptography.

    Details here. When will people learn not to invent their own crypto?

    Note that this is the same card — maybe a different version — that was used in the Dutch transit system, and was hacked back in January. There’s another hack of that system (press release here, and a video demo), and many companies — and government agencies — are scrambling in the wake of all these revelations.

  7. Hacked Oyster Card System Crashes Again

    By kdawson on no-pearls-in-sight

    Barence sends along PcPro coverage of the second crash of London’s Oyster card billing system in two weeks. Transport for London was forced to open the gates and allow free travel for all. “There is currently a technical problem with Oyster readers at London Underground stations which is affecting Oyster pay as you go cards only,” explains the TfL website. This follows the first crash two weeks ago, which left 65,000 Oyster cards permanently corrupted. Speculation is increasing that the crashes may be related to the hacking of the Oyster card system by Dutch researchers from Radboud University, though TfL denies any link. Plans to publish details of the hack were briefly halted when the makers of the chip used in the system sued the group, although a judge ruled earlier this week that the researchers could go ahead. During the court action, details briefly leaked on website Wikileaks.

  8. The long-running security battle has seesawed against RFID cards, as German researchers revealed a way to clone one type of card currently used for a variety of purposes, from transit fares to opening doors in NASA facilities.” According to the article, “NXP Semiconductors, which owns Mifare, put out an alert to customers warning that the security had been cracked on its MIFARE DESFire (MF3ICD40) smartcard but saying that model would be discontinued by the end of the year and encouraging customers to upgrade to the EV1 version of the card.” This response may sound familiar.

Leave a Reply

Your email address will not be published. Required fields are marked *