Tuesday, October 11, 2011

RFID Encryption Cracked

German researchers crack RFID encryption:

The physical security of your company and its data just got less secure if your company is one of millions that use a particular kind of smart card designed to give commuters, corporate wage slaves and security specialists quick passage through security gates and down the invisible elevator that takes them to the secret headquarters underneath the streets of Cardiff.

A team of German scientists have demonstrated a hack that lets them make a perfect clone of the kind of magnetic security card used to give workers in corporate or government buildings – including NASA – and as a daily ticket replacement on busses and subways. The same team broke a previous version of contactless-ID cards from Mifare in 2008, prompting the company to upgrade its security, creating a card able to be programmed only once and which contained a unique identifying number that could be checked against the programmed content on the card for extra security.

Higher-functioning cards have some processing capability, including the ability to create random identifying numbers to help prevent copies, 128-bit key encryption, support for AES encryption and a series of other extra features.


Researchers David Oswald and Christof Paar at Ruhr University in Germany, who worked on the crack of the KeeLoq remote keyless entry system in 2008, used side-channel analysis for both cracks. The technique relies on use of a probe and oscilloscope to record the card's broadcasts while it's being read by an RFID reader.

It takes about seven hours to crack the security on one card and get its 112-bit encryption key, the researchers said. It only works if you've already spent months profiling the card's architecture, behavior and responses. Cracking time could be cut to as little as three hours, Paar and Oswald said.

The weak point for the MF3ICD40 – and many of NXP's other cards – is that it does little or nothing to resist being recorded, prodded and poked by crackers.

The EV1 upgrade to that card has an on-chip backup management system, an authentication mechanism that uses three separate authentication methods, encryption based on the 3DES hardware encryption that meets security requirements for most U.S. government agencies, but is compatible with existing systems designed to read the card using Near Field Communications (NFC) radio systems.

That probably means it does not yet contain any countermeasures able to stave off determined crackers poking it to see how it reacts. [emphasis added – MQ]
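Side-channel analysis of the kind the article describes, shown on a constructed simulation rather than a real card. This is an added example, not code from the article or from Oswald and Paar; it assumes a Hamming-weight power model with Gaussian noise and uses the 4-bit PRESENT S-box as a stand-in for one nibble of a larger cipher. It illustrates why a chip with no countermeasures gives up key material to plain statistics over recorded traces, and that a first-order masking countermeasure removes the correlation the attack depends on.

```python
import random

# PRESENT 4-bit S-box, used here as a stand-in for a nibble of a larger cipher.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def hamming_weight(v):
    return bin(v).count("1")

def simulate_traces(key, n, sigma=1.0, masked=False, seed=1):
    """Constructed leakage: one sample per trace, modelling the power drawn
    while the S-box output is written to a register (Hamming-weight model) plus
    Gaussian measurement noise. With masked=True the device XORs a fresh random
    mask into the value first, as a first-order masking countermeasure would."""
    rng = random.Random(seed)
    plaintexts, samples = [], []
    for _ in range(n):
        p = rng.randrange(16)
        v = SBOX[p ^ key]
        if masked:
            v ^= rng.randrange(16)
        plaintexts.append(p)
        samples.append(hamming_weight(v) + rng.gauss(0.0, sigma))
    return plaintexts, samples

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def cpa_recover(plaintexts, samples):
    """Correlation power analysis: for every key guess, predict the leakage of
    each trace and correlate the prediction with what was measured. The guess
    whose model best explains the measurements is returned with its score.
    The Hamming-weight model predicts a positive correlation, so the signed
    maximum is used."""
    best_key, best_rho = None, -2.0
    for guess in range(16):
        predicted = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        rho = pearson(predicted, samples)
        if rho > best_rho:
            best_key, best_rho = guess, rho
    return best_key, best_rho

if __name__ == "__main__":
    for masked in (False, True):
        pts, smp = simulate_traces(0xB, 2000, masked=masked)
        print("masked" if masked else "unprotected", cpa_recover(pts, smp))
```

On the unprotected simulation the correct nibble stands out with a correlation near 0.7; with masking every guess scores close to zero, which is the effect an EV1-class countermeasure is meant to have on a recorded trace set.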

