October 6, 2008 5:35 PM PDT

D-Day for RFID-based transit card systems

by Elinor Mills

Want to ride the subway for free without having to jump the turnstiles? Well, as of Monday, you'll be able to do that by making a fake transit card.

A scientific paper detailing the security flaws in the Mifare Classic wireless smart card chip used in transit systems around the world is being published by the Radboud University Nijmegen. And a researcher at Humboldt University in Berlin has published a full implementation of the algorithm (PDF).

"Combining these two pieces of information, attacks can now be implemented by anyone," RFID researcher Karsten Nohl told CNET News. "All it takes is a $100 (card) reader and a little software."

Armed with the information in the papers, someone could steal the secret key from a Mifare Classic-based transit card and create a clone of it. As seen in a demonstration, data was collected wirelessly by merely brushing a card reader past someone carrying a card. The data was then used to create a fresh transit card that permitted free access to the London subway.

Subway systems in Amsterdam, Boston, Bangkok and Delhi, among other cities, are also susceptible, as are building access control systems in Europe.

"That's just the tip of the iceberg," said 3ric Johanson, a Seattle-based security consultant. "It's my estimation that approximately 3.5 billion cards have been issued using the Mifare Classic protocol, all subject to financial fraud. There are at least 60 or so major citywide RFID implementations that rely on Mifare Classic."

Nohl, who worked with others to break the Mifare crypto last year and received a Ph.D. in computer security from the University of Virginia, suspects that "hobby hackers who ride the metro every day and are curious about this technology" will be the first to exploit the vulnerability, "more for fun than profit."

For the less technologically savvy among us, there could soon be mass produced devices that make it easy to forge Mifare Classic cards, Johanson said.

Johanson, an expert in RFID technology, said he has reached out to transit systems to offer help improving their security, but received mixed responses.

There are options for transit authorities who don't want to replace their entire systems. For instance, they can use intrusion detection-type systems that register when a particular card has had a change in value or been cloned, according to Johanson. "I'm highly dubious about a lot of these claims because it's hard to do it right," he said of such measures.

NXP, the company that developed the Mifare Classic chip, could not be reached for comment Monday. The company sued to block publication of the Dutch university paper, but a judge ruled in July that the paper could be published.

The Massachusetts Bay Transit Authority (MBTA) took legal action in August to prevent three MIT students from presenting their research on how to "hack" the Boston subway system at the Defcon hacker confab in Las Vegas. A judge later lifted the gag order in that case. Representatives from the MBTA could not be reached for comment.

Security systems like the Mifare Classic that are not peer reviewed are not as trustworthy as systems that can be openly analyzed by researchers looking for flaws, Johanson and Nohl said.

"Developing your own proprietary security mechanisms and not getting public scrutiny on it does not work," Nohl said.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
(8 Comments)
by n3td3v October 6, 2008 6:44 PM PDT
Can Cnet News please do a Youtube video showing one of their journalists getting a free ride, to prove it works?
by elinormills October 6, 2008 7:41 PM PDT
Great idea! We'll try to do that.
Elinor
by pherox October 6, 2008 7:28 PM PDT
Cnet is sadly behind the times. MIT students seeking to prove the same point already posted something just like this, although they didn't put it in a newspaper, so the plebes wouldn't really see it [as much, anyway]. It's a PDF documenting and explaining the process, with pictures to help explain as well. I don't have the link on hand, but I do know that it is called The Anatomy of a Subway Hack.
by elinormills October 6, 2008 7:45 PM PDT
CNET News covered that presentation when it was blocked at Defcon in August:
http://news.cnet.com/8301-1009_3-10012612-83.html?tag=mncol
and the PDF can be downloaded from this CNET News article:
http://news.cnet.com/8301-1009_3-10020252-83.html?tag=mncol
by disco-legend-zeke October 7, 2008 5:42 AM PDT
Anybody can create a crypto system that they cannot, themselves, break.
by ddesy October 7, 2008 6:06 AM PDT
Too bad RFID use is still increasing. Just one more demonstration of RFID not being as secure as some people think it is.
by skswave October 7, 2008 10:46 AM PDT
The new Dell E series has a wireless card reader that will support the new Mifare cards. In addition, you can use old subway tokens in lieu of passwords to log yourself in. Mifare may have its issues, but it makes a cool second factor token for access control to your laptop.

steven sprague
by George Orwellian October 7, 2008 5:49 PM PDT
I've seen MAD Magazine do sendups of ordinary events written up as dramatic stories - like someone drinking coffee as some sort of momentous event.

That's what this CNET story is: trying to be more than it's reporting.

--
Harvey Mars (http://harvey-mars.com/)