Comments on: 24C3 Mifare crypto1 RFID completely broken

By: ariyus

ariyus — Sat, 04 Apr 2009 15:29:03 +0000

Interesting presentation, understood cryptography very pleasure

By: James

James — Wed, 02 Apr 2008 06:04:35 +0000

"i seem to recall that a few years ago somebody was busted right from the stage where he gave his crypto presentation (in the us)."

So the cops who busted this person understood cryptography enough to make the arrest confidently? I find that terribly hard to believe.

What would be funny would be to present mathematical mumbo-jumbo, get arrested by some stupid thug cops who were rented by a company (who else would arrest someone without knowing why), and the sue their sorry asses for wrongful arrest and hopefully make some cash in the process.

By: Salvatore D\'Agostino

Salvatore D\'Agostino — Wed, 12 Mar 2008 04:27:01 +0000

NXP responded today. Seems to use AES, does anyone know the implications of the hack on Mifare Plus? http://www.nxp.com/news/content/file_1418.html

By: rng

rng — Thu, 10 Jan 2008 15:03:59 +0000

Alex,
It is clear that a ten years old chip is completely outdated and does not meet the todayâs security standards, but for public transit systems or for identification of people, counting animals, pay in the canteen and â¦ many moreâ¦. is still good enough. There are many applications where you donât need such a high level of accuracy. Of course, for banking cards or for the new smart passports these ten years old chips are not applicable and youâll have to spend more money to buy some of the latest generation smart cards – security has its price.
I donât underestimate the work presented here. I just say that breaking such an old chip it is not a big breakthrough and the effort is not paid back. Again, the hacking method presented here would be quite feeble if applied on the recent nxp smart cards.

By: dontwantto

dontwantto — Thu, 10 Jan 2008 12:01:03 +0000

@Karsten: The legal side of your case is starting to intrigue me. In your presentation you clearly stated that your findings on the Mifare Classic chip mean that the Philips car key chips are not secure any longer and that people should start migrating. This is a wrong statement. (It does not matter whether those car key chips are weak too or not.) Now, should Philips find that the sales of their car key chips are declining in the wake of the current media attention – something that is not unlikely to happen – then they will come back to you and sue you for compensation. Given that this is a multi-million dollar business for them, they are likely to sue you for many millions of dollars. And since you have named your University as affiliation in your presentation, it can be sued as well now, and that would be the US, where big money can be sued for. All this may take many years, but I am afraid that Philips will win. This is a clear-cut case. You gave them all the arguments they need on a silver plate. So you should consider your next steps rather carefully. Well, you have my sympathy.

By: alexlh

alexlh — Wed, 09 Jan 2008 17:28:57 +0000

rng,

It may be a ten year old card, but it's being deployed *today* in new public transit systems and other places.

Why don't you take the next step and break the nxp cards yourself? :)

A.

By: rng

rng — Tue, 08 Jan 2008 19:35:53 +0000

Well done, but you have broken 10 years old chip with a poor pseudo RNG inside. Would be more impressive trying to hack some of the recent nxp smart cards. Don’t believe the “kitchen” approach would work there.

By: dontwantto

dontwantto — Tue, 08 Jan 2008 15:22:44 +0000

@monica: copyright infringement… I believe the algorithm used in these chips is protected by trademarks. Companies often do this to protect themselves against competitors and illegal clones made in, e.g., China. So, the “security by obscurity” referred to in the presentation is mostly a commercial measure. But it does have the down-side of not having been peer-reviewed, fair enough.

@karsten: You might indeed want to watch out for being sued for infringing trademark secrets here – the US is particularly nasty in this respect. It is not at all the same as academically showing how to hack an open standardized system. I seem to recall that a few years ago somebody was busted right from the stage where he gave his crypto presentation (in the US).

By: Henryk PlÃ¶tz

Henryk PlÃ¶tz — Tue, 08 Jan 2008 15:13:57 +0000

@dontwantto: In principle, yes, even the full disclosure of the algorithm (and hence a fast possibility to crack the keys) should, in a properly designed system, 'only' yield the possibility to clone cards. However, the dutch transport system for example (OV-chipkaart) has readers in disconnected operation, so the back office *can't* see anything until the end of the day. And in the past even simpler exploits against the unencrypted mifare ultralight cards were possible, see http://staff.science.uva.nl/~delaat/sne-2006-2007/p41/report.pdf

By: dontwantto

dontwantto — Tue, 08 Jan 2008 13:57:34 +0000

@ monica: For now they have not hacked the entire card including secret keys etc, but even if they had, the most this would give is indeed a – single – free ride. I would imagine that what is called the “back office” of the system operator will pick up that there is a 2nd card around and will put it on a black list. Both cards, actually. So neither will work in the future. This is not economical for hackers to do (nor is it for the owner of the original card). So, as always in security systems, you have to look at the entire system for a proper security assessment. In transport it makes much more (economical) sense to place most of the security in the back office and only use cheap cards with relatively little security on them in the field. Otherwise we would all be paying more for each subway ride, and who wants that? :-)

By: Monica V

Monica V — Mon, 07 Jan 2008 23:31:04 +0000

Interesting presentation, what does it exactly can I do with this information? Can I ride the tube for free? and Is there a possible copyright infringement happening here?

By: karsten

karsten — Mon, 07 Jan 2008 19:50:15 +0000

We realized only after the talk that the car keys use a variant of the same crypto; at least they did in the past. Weaknesses that arise through the insufficient key length and weak cryptographic structure apply equally.

By: dontwantto

dontwantto — Sun, 06 Jan 2008 19:05:16 +0000

Interesting presentation, but sadly a couple of wrong statements. For one thing, these chips are not used in car keys. But I guess it is just more sexy to add some spice to the story rather than simply staying with the facts. It would have been a good achievement even without all these false statements.

By: GRAMMAR NAZI

GRAMMAR NAZI — Sat, 05 Jan 2008 00:32:14 +0000

stop saying on accident. it’s _by_ accident, or _on_ purpose. i command thee. vote quimby.

By: paige

paige — Thu, 03 Jan 2008 06:00:07 +0000

that was a great video, I can’t wait to see what comes of this. It is interesting to see that most of the problems are not related to technological limits but the limits of the designers and their intelligence.