RFID-hack hits 1B digital access cards worldwide
The Dutch government has issued a warning about the security of access keys
that are based on the widely used Mifare Classic RFID chip.
Government institutions plan to take "additional security measures to
safeguard security, " Guusje ter Horst, minister of interior affairs, wrote
in a letter to parliament on Wednesday.
NXP developed the Mifare Classic RFID (radio frequency identification) chip,
which is used in 2 million Dutch building access passes, said ter Horst. One
billion passes with the technology have been distributed worldwide, making the
security risk a global problem. A spokesperson for the ministry told Webwereld,
an IDG affiliate, that it had not yet notified other countries.
The warning comes in a week when two research teams independently demonstrated
hacks of the chip's security algorithm.
On Monday, German researchers Karsten Nohl and Henryk Plötz, who first
hacked parts of the chip last December, published
a paper demonstrating a way to crack the chip's encryption technology. The
duo declined to publicly demonstrate their hack. "We want to start a discussion
first, allowing people to adjust or abandon their systems," Nohl told Webwereld
last week. He added that he would provide a demonstration before June.
On Wednesday, Bart Jacobs, an information security professor at the Radboud
University in Nijmegen, demonstrated a hack of the chip's security encryption.
Jacobs had notified the security service prior to going public, which has since
confirmed the hack. A
video demonstration of the hack is scheduled for publication on Wednesday.
Criminals can use the hack to clone cards that use the Mifare Classic chip,
allowing them to create copies of building access keys or commit identity theft.
The chip is used in payment systems worldwide, such as the Oyster Card in the
U.K. and the CharlieCard that is used in Boston. Both offer payment systems
that allow for wireless transactions.
In the Netherlands, the Mifare Classic chip has been at the center of a national
controversy since Nohl and Plötz first published their findings at the
Chaos Computer Camp in Berlin last December.
The chip is the basis of a national proof-of-payment system for public transport.
A recently published government-issued study by the Netherlands Organization
for Applied Scientific Research dismissed the potential security threat, claiming
that hackers would take at least two years to crack the security codes.
» posted by abennett
WebWereld Netherlands
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
