Karsten Nohl, in collaboration with Starbug and Henryk Plötz, has reverse-engineered the encryption algorithm used in Mifare Classic RFID tags, and identified several serious weaknesses in the ciper design and the way it generated random numbers. Mifare tags are used in several large public transportation systems including London Transport’s Oyster cards, and the Dutch government was planning to used them for the nationwide OV-Chipkaart system, but is reconsidering this in light of the revealed security weaknesses. The work involved reverse engineering the cipher from images of its hardware implementation.
The results were announced at the Chaos Communication Congress (December 28). Here’s Karsten’s talk (including a link to a video): Mifare: Little Security, Despite Obscurity.
Some posts about this work include:
- Schneier on Security (Bruce Schneier), Dutch RFID Transit Card Hacked
- Freedom to Tinker (Ed Felten), New $2B Dutch Transport Card is Insecure.
- Andy Tanenbaum, Dutch Public Transit Card Broken (includes links to many Dutch newspaper articles).
Karsten will also be giving a talk about this work at the RFID Security Workshop at Johns Hopkins University, January 23-24.