Technology Review - Published By MIT
Technology Review  in U.S. | en Español | auf Deutsch | in Italiano | 中文 | in India
Advertisement

Picking Pockets, Wirelessly

The world's most popular wireless smart card can be copied.

By Erica Naone

Friday, May 15, 2009
smaller text tool iconmedium text tool iconlarger text tool icon

The world's most popular wireless smart card has had a rough couple of years. The Mifare Classic, which is used in public-transit systems all over the world and to control access to many offices and buildings, has been the subject of intense scrutiny from security researchers. Last February, researchers from the University of Virginia cracked the encryption used to protect data on the card. Then, in August, a team from MIT showed how to get free rides on the MBTA transit system by exploiting weaknesses in the card. However, in both cases, physical access to the targeted card was required.

Credit: Technology Review

Next week, at the IEEE Symposium on Security and Privacy, in Oakland, CA, researchers from Radboud University, in the Netherlands, will demonstrate a new, even easier way to steal data from the smart card. Their attack, which requires only a cheap, off-the-shelf card reader and an ordinary computer, can pull sensitive data out of a card in less than a second--even if the attacker has no physical access to the card.

The attack builds on previous research and takes advantage of newly discovered flaws in the card's design, explains Peter van Rossum, an assistant professor of computer science at Radboud. Key to the exploit is the way that the smart card communicates with a wireless reader. The radio signal received by the card provides it with enough power to respond. But both the card and the reader have to first prove their identity by sending a secret key.

Story continues below

The researchers use an off-the-shelf reader to make a series of strategic requests of a card. As the card tries to determine whether it should trust the reader, it inadvertently reveals enough information for the attacker to guess the correct secret key. Because so much information about the Mifare Classic is already publicly available, van Rossum believes that an attacker could pull together the necessary knowledge and equipment within a matter of weeks.

Van Rossum says that an attacker would most probably perform the attack on a card that she already owns--for example, to increase the balance on her subway card. But he says that being able to perform the attack wirelessly raises the possibility that the attacker could copy someone else's card to gain unauthorized access to a building, for example.

Tags

RFID security

Related Articles

Comments
  • Hacking
    It seems the more that technology develops to make life easier the more the number of worries increase exponentially. So now we have to be afraid of wireless pickpocketing if we use this device? Every new tech really needs to go through an 'early adopters testing routine'-Released to small control group and monitored/work the kinks out. It's best to then release it to the masses.

    Jack
    tivax stb-t8
    Rate this comment: 12345

    jschuman
    05/24/2009
    Posts:20
    Avg Rating:
    2/5
Reply

Videos
Latest Videos
Ultra-Efficient Gas Engine Passes Test

Log In

Forgot your password?     Register »
Advertisement

Top Stories Of The Day

RSS Feeds
xml icon TR Top Stories xml icon TR Editors' Blog
xml icon TR Audio xml icon TR Video
Advertisement
Subscribe to Technology Review's e-mail update. Enter your e-mail address

Advertisement
Advertisement
MIT Massachusetts Institute of Technology CyberMedia © 2010 Technology Review. All Rights Reserved.