wireless.itworld.com
  Search  
Wireless Home Page Wireless Webcasts Wireless White Papers Wireless Newsletters Wireless News Wireless Topics Careers ITworld Voices ITwhirled The Wireless site of ITworld.com

RFID-hack hits 1B digital access cards worldwide

 WebWereld Netherlands 3/17/08

Tom Sanders, WebWereld Netherlands

The Dutch government has issued a warning about the security of access keys that are based on the widely used Mifare Classic RFID chip.

On this topic
EU drafts guidelines for RFID technologies
Why Wi-Fi may be a possible substitute for RFID
My life as a dog
Wireless# Certification Official Study Guide
Get practical tips, IT news, how-tos, and the best in tech humor.

Government institutions plan to take "additional security measures to safeguard security, " Guusje ter Horst, minister of interior affairs, wrote in a letter to parliament on Wednesday.

NXP developed the Mifare Classic RFID (radio frequency identification) chip, which is used in 2 million Dutch building access passes, said ter Horst. One billion passes with the technology have been distributed worldwide, making the security risk a global problem. A spokesperson for the ministry told Webwereld, an IDG affiliate, that it had not yet notified other countries.

The warning comes in a week when two research teams independently demonstrated hacks of the chip's security algorithm.

On Monday, German researchers Karsten Nohl and Henryk Plötz, who first hacked parts of the chip last December, published a paper demonstrating a way to crack the chip's encryption technology. The duo declined to publicly demonstrate their hack. "We want to start a discussion first, allowing people to adjust or abandon their systems," Nohl told Webwereld last week. He added that he would provide a demonstration before June.

On Wednesday, Bart Jacobs, an information security professor at the Radboud University in Nijmegen, demonstrated a hack of the chip's security encryption. Jacobs had notified the security service prior to going public, which has since confirmed the hack. A video demonstration of the hack is scheduled for publication on Wednesday.

Criminals can use the hack to clone cards that use the Mifare Classic chip, allowing them to create copies of building access keys or commit identity theft.

The chip is used in payment systems worldwide, such as the Oyster Card in the U.K. and the CharlieCard that is used in Boston. Both offer payment systems that allow for wireless transactions.

In the Netherlands, the Mifare Classic chip has been at the center of a national controversy since Nohl and Plötz first published their findings at the Chaos Computer Camp in Berlin last December.

The chip is the basis of a national proof-of-payment system for public transport. A recently published government-issued study by the Netherlands Organization for Applied Scientific Research dismissed the potential security threat, claiming that hackers would take at least two years to crack the security codes.


Sponsored Links

IP Networks Boost Secure Health Communications
AT&T provides secure communication to keep health care moving forward.
TAKE CONTROL OF REMOTE COMPUTERS
Support, configure and install applications and updates remotely for greater efficiency.
Experience The Benefits Of Intel® vPro™ Technology
Get Built-In Security And Remote Management Capabilities. Meet Critical Business Challenges.
Used and Refurbished HP ProCurve Switches
Lifetime Warranties, Professional Testing & Shipping on all HP Equipment Purchases!
Used and Refurbished Cisco Routers
Purchase Your Routers From Network Liquidators. Savings of Up to 90% with a Lifetime Warranty!
» Buy a link now

Advertisements
Sponsored links
Locate Hidden Software on business PCs with this free tool
Top 5 Reasons to Combine App Performance and Security
KODAK i1400 Series Scanners stand up to the challenge
Bring harmony to your mix of UNIX-Linux-Windows computing environments
Home  Products and services Wireless sensing technologies Radio frequency identification (RFID)
www.itworld.com    open.itworld.com     security.itworld.com     smallbusiness.itworld.com
storage.itworld.com     utilitycomputing.itworld.com     wireless.itworld.com

 
Contact Us   About Us   Privacy Policy    Terms of Service   Reprints  

CIO   Computerworld   CSO   GamePro   Games.net   IDG Connect   IDG World Expo   Infoworld   ITworld   JavaWorld   LinuxWorld  MacUser   Macworld   Network World   PC World   Playlist  

Copyright © Computerworld, Inc. All rights reserved

Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.