In light of reports earlier this month detailing vulnerabilities of the Mifare Classic RFID cards, the Dutch Government has now issued a warning that the hack can be accomplished relatively easily. A team at Radboud University Nijmegen have detailed the process in a video published on the University website. This serves to illustrate the relative ease of reproducing the hack.
Of particular interest is the final paragraph from the article on the RFID Update website, which states:
"The long term impact of this hack on the public's perception of RFID security is unclear. It will likely depend on the extent to which nefarious hackers widely exploit the vulnerability."
I believe the long term impact will be determined by how well the public understands both the vulnerability and the proposed solutions, and how well organizations, such as the RFID Security Alliance, communicate the information. Otherwise, it is simply going to remain an opportunity to generate interesting headlines.
As Karsten Nohl, who published the original vulnerability findings told me:
"So far no nefarious hackers have contacted me to get the details of the cipher and it appears that all academics that share our results will not go out and cause any real-world system to break. After all, this could still take an ok outcome for industry if current systems upgrade reasonably soon. The message that will stick is that RFID aren't some magically secure new technology but rather suffer from the same shortcomings that haunt pretty much any security system."
NXP Semiconductors, the makers of the Mifare chips used in these cards, announced an update to the technology used in the Mifare cards which NXP is referring to as the Mifare Plus. According to the report in RFID Journal, cards using the new technology are backwards compatible with the Mifare Classic system.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment