London Tube Free

The secret cipher that secures Mifare Classic RFID tags used in access control systems, subway tickets, and various other security-related applications has recently been disclosed.

The attack works against the Mifare Classic, a wireless card made by Netherlands-based NXP Semiconductors. It is used by transit operators in London, Boston and the Netherlands and by organizations in the public and private sectors to control access to sensitive areas, according to Karsten Nohl, a PhD candidate at the University of Virginia and one of the cryptographers who discovered the weakness. NXP says it’s sold 1 billion to 2 billion of the cards.

There’s another hack of that system published in PC World. Press release from Radboud University is here, and there is also a short video demo  that shows hack in action.

The Dutch government has issued a warning about the security of access keys that are based on the widely used Mifare Classic RFID chip.  Government institutions plan to take “additional security measures to safeguard security,” Guusje ter Horst, minister of interior affairs, wrote in a letter to parliament on Wednesday.

It is interesting to read what Bruce Schneier said in August 1999 issue of Crypto-Gram newsletter about Cryptography: The Importance of Not Being Different.

Many companies still fail to learn principles of cryptography.

Leave a Reply