German researchers say they have discovered a vulnerability in the Mifare DESfire MF3ICD40, a RFID smart card used in many access control systems.
In a paper entitled, "Breaking Mifare DESfire MF3ICD40: Power Analysis and Templates in the Real World," David Oswald and Christof Parr of Ruhr-University in Bochum, Germany, detail how they were able to conduct a successful "side-channel" attack against the card using equipment that can built for nearly $3,000. Click here to read the entire research report.
"System integrators should be aware of the new security risks that arise from the presented attacks and can no longer rely on the mathematical security of the used 3DES cipher. Hence, in order to avoid, e.g. manipulation or cloning of smartcards used in payment or access control solutions, proper actions have to be taken: on the one hand, multi-level countermeasures in the backend allow to minimize the threat even if the underlying RFID platform is insecure," the researchers wrote in the paper.
In a statement, NXP Semiconductors, which makes the MF3ICD40, said that the attack would be difficult to replicate and that they had already planned to discontinue the card at the end of 2011.
"Also, the impact of a successful attack depends on the end-to-end system security design of each individual infrastructure and whether diversified keys – recommended by NXP – are being used. If this is the case, a stolen or lost card can be disabled simply by the operator detecting the fraud and blacklisting the card, however this operation assumes that the operator has those mechanisms implemented. This will make it even harder to replicate the attack with a commercial purpose," NXP said in the statement.