Student discovered vulnerability in protocol smartcard




A student at Radboud University has found a new vulnerability in the smartcard. As a result, affected both the old and the ‘new’ smartcard. The vulnerability can not be solved without replacing cards.

Smart card Because of the vulnerability of the encryption of a smartcard can now be cracked in minutes, where it would normally take several weeks, writes This would, for example, change the balance on the card an attacker, although it is a matter of time before it is detected and the corresponding card is blocked.

Both the ‘old’ smartcard, the Mifare Classic chip from the Dutch NXP has already been cracked, as the new smartcard affected. That’s because the new card, which has been entered correctly to resolve the vulnerabilities of the old card, still the same communication protocol as the old Mifare Classic cards. Incidentally, was previously an innocent vulnerability found in the Infineon SLE 66 chip.

“The vulnerability is on the chip, and is not to resolve,” Anita Hilhorst confirms Trans Link Systems opposite Tweakers. That is the organization behind the smartcard. To solve the problem completely, all public transport chip cards should be reversed, but that TLS has no plans. “Fraud is now under control, there is still nothing happens,” says Hilhorst.

That may change: April 21, presents the student who discovered the problem his work. It is unknown how much he will bring out the operation of the hack; the supervisor of his research, Bart Jacobs, was not reachable. However, it is common that after vulnerabilities researchers spend a certain period of time to the outside, after they have given the companies involved the opportunity to resolve the problem.

TLS says the next time they will keep an eye on ‘how the fraud evolves. Spokeswoman Hilhorst is up to the carriers to determine whether it is worthwhile to replace the cards, or that the fraud perpetrated not before causing enough financial damage. Hilhorst argues that it is more likely that the cards will be replaced by attrition.

Incidentally are other cards that use the Mifare Classic protocol vulnerable to the attack. Really, it’s more about access passes for hotels and commercial buildings. It should be noted that the original Mifare Classic chip was already cracked.


In: Technology & Gadgets Asked By: [15575 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »