Friday, January 2, 2009

25C3: Many RFID Cards Poorly Encrypted

Via Heise Security -

Karsten Nohl, the security investigator who had a big hand in cracking NXP's Mifare Classic chips, says many RFID smartcards from other manufacturers are also vulnerable to a simple hacker attack. He told the 25th Chaos Communication Congress (25C3) in Berlin that "Almost all RFID cards use weak proprietary encryption systems" and only the latest types were any better. For example, several generations of Legic, HID and Atmel cards have holes in their armour.

RFID cards are used today to control access to buildings, rooms, cars or electronic devices. Mifare chips are also widely used in payment systems, such as those in short-distance public transport. The general expectation is that such RFID tags, all operating on the same frequency of 13.56 MHz, will evntually be used as generic identifiers for products and people, and they are already in use in passports and credit cards. However, said Nohl, the chip manufacturers have so far criminally neglected the standard of encryption used by these chips and the standard of the reading systems, which ought to satisfy the requirements of both data protection and system security.

No comments:

Post a Comment