Scientists have circumvented the encryption used to protect a smartcard that's widely used to restrict access in corporate and government buildings, and to process payments in public transit systems, a feat that makes it possible to clone perfect replicas of the digital keys and steal or modify their contents. The attack, …
Use in public transport systems…
"The contactless card, which some customers adopted following the cracking of the Mifare Classic in 2008, is used by transit agencies in San Francisco, Australia, and the Czech Republic."
Ohh joy… I wonder if Translink was one of their customers… they've been pushing to completely do away with paper tickets.
Good luck explaining the need of a new card to dear old Granny who knows nothing about things electronic. This is an organisation that runs at a loss too … so there isn't exactly a big budget for replacing the things, nor is there one for counterfeit tickets.
The saving grace I suppose is that $3000 is probably more than most are going to bother with.
"dear old Granny"
The Straw Grandmother argument seems to pop up an awful lot, doesn't it?
- Dear Old Granny will get a new card, or she won't be able to travel. No-one will care to explain, and it doesn't matter anyway.
- Dear Old Granny hates all technology pretty much regardless of its replacement cycle or utility.
- Dear Old Granny probably disapproves of you for not helping her out with her transport card, and is updating the will as we speak.
Time required, alone will keep granny's transit card safe enough.
The 7 hour access requirement means that the potential reward will need to be a little more than Granny's $20 fare top up.
This is NOT the oyster card hack which permits on the fly theft/modification of card details, where a Marylbone worth of skimming might net a few hundred K $ in a morning.
So while technically interesting, and of potential use in compromising a major facility, this isn't likely to affect the likes of you and I. If the tea leaves can get at your card for 7 hours, they can also get at your brass house keys, and copying them takes a few seconds and a bar of soap.
Root, as in Enoch Root? Hardly a surprise then.
The tune of times to come
The basic problem with "contactless smart cards", even moreso than with the non-contactless variety is that the design is rather constrained by power budget, gate count, and so on and so forth. The theme that's emerging here is that as people learn to break older designs deployers will have to upgrade the hardware, and not just the software, with regularity. This card design is what, nine years old?
So figure between five and fifteen years before the next iteration. Then recall that a five year card replacement policy means a ten year upper bound (modulo extensions for "special cases" like brass and such) on valid cards remaining in the field. Figure a five year uptake of a new design because you don't want to jump in on new technology that quick (yet you're jumping in on RFID at all, but I digress so we'll disregard it), and calculate just how much chance you have to not have to prematurely replace anything.
And good luck with that, sir.
Well, the clue is in the name..
Maybe it should be AESFire..
This is an interesting result
It illustrates the problem of protecting security solutions from side-channel attacks. More interesting, perhaps, because this is not such a niche attac method as some might think, and because it isn't always impractical to protect such systems from this kind of attack.
I've not read the technical details of the attack, but I suspect it falls into one of three areas:
- Power consumption differential between successful and unsuccessful operations
- Timing differences in the same
- RF emissions from different parts of the chip
The first two should be fairly easy to circumvent, by implementing a random element into thte process, or by designing the chip so that successful and unsuccessful operations have the same characteristics. The third may be more difficult to solve.
Hasn't done bad for a card designed in 2002 with cost a big factor in design.
A given encryption system will never last for ever - nigh on 10 years seems pretty decent, and given recent stories not uncommon. I guess it's a good market to get into - you;re guaranteed to sell upgrades :)
Ross 7 wins the prize for understanding how things work in the real world...
Encryption has a life expectancy, more complex chips cost more. Therefore you use your worst, simplest, cheapest system - which is still appropriately secured - that won't be cracked in say ten years or so. While you're selling that system, you're developing the next one to take over when it's inevitably cracked.
Don't deploy big guns where little ones will do.
Yes our original (cheap) product was properly stuffed by that group at MIT (slightly assisted by our security-by-obscurity approach) and we told you at the time by buying our new (more expensive) product you would not have to worry for a while.
It''s time to start worrying again.
Fortunately a newer (slightly more expensive) replacement is now available to allay your fears.
Given how much you've already paid us it's a small price to pay for peace of mind.
Until the next time.
NXP marketing department.
- Twitter: La la la, we have not heard of any NUDE JLaw, Upton SELFIES
- China: You, Microsoft. Office-Windows 'compatibility'. You have 20 days to explain
- Is that a 64-bit ARM Warrior in your pocket? No, it's MIPS64
- Apple to devs: NO slurping users' HEALTH for sale to Dark Powers
- Apple 'fesses up: Rejected from the App Store, dev? THIS is why