Hacking access control cards

A hacker from the U.S. has reportedly broken the security on NXP Semiconductor's Mifare-classic proximity card chip.

According to an article in The Daily Progress, a U.Va. grad student named Karsten Nohl figured out how to break the security code on a smart card chip made by NXP Semiconductors. Despite claims in The Daily Progress' article, NXP Semiconductors responded in an article for SC Magazine that the chips were not used for credit cards, car keys and other tools. In fact, the smart card chips (which are Mifare Classic chips, a technology trademarked by NXP - which was a former division of Philips Semiconductors) are mainly used in facility door access control and inexpensive toll booth and transportation user applications.

Nohl, who reported the hack in late december at the Chaos Communications Congress hacker convention (as reported on the HackADay website), apparently succeed in breaking one of the most simple Mifare designs. In fact, NXP offers more secure technologies than Mifare Classic, including the DESfire chip which uses triple-DES to create a more secure Mifare option. Still, I suppose the hack could shake some confidence in physical access control card systems. I'm not sure yet what the overall effect may be; we've had reports of spoofed and hacked prox cards in the past, but in reality, this Mifare chip isn't a true "smart card". That, I think, would be more significant for our industry... One of the previous "hacks" on cards was a "sniffer" that could supposedly read simple RF prox cards without the cardholder knowing about it. In fact, those "sniffs" have spurred new products designed to enclose prox cards to keep them from being read unintentionally.

Mifare security code hacker present hack at convention.

Presenting the Mifare hack at the CCC in Germany.


If you want to see the video of Nohl's presentation on hacking Mifare, you can watch it on Google's video site.