Wednesday, April 2, 2008

It is worth knowing more RFID chips have been hacked

More and more we are seeing the intrusion of RFID chips in all applications of daily life, including health care.

You can learn more about these issues here - SPY CHIPS

If you are an animal lover make it a point to read the article about cancer related to pet chips: Microchip-Cancer Report.

NXP RFID encryption cracked

Christoph Hammerschmidt
(04/01/2008 8:11 AM EDT)
URL: http://www.eetimes.com/showArticle.jhtml?articleID=207000946

MUNICH, Germany — The Chaos Computer Club (Hamburg, Germany) has cracked the encryption scheme of NXPs popular Mifare Classic RFID chip. The device is used in many contactless smartcard applications including fare collection, loyalty cards or access control cards. NXP downplays the significance of the hack.
According to a report in Sueddeutsche Zeitung, Chaos Computer Club (CCC) experts along with colleagues from the University of Virginia cracked the encoding scheme with little effort. The achievement allows the crackers to read out data, recharge payment cards, copy RFID cards or generate "new" users.

The Mifare Classic family is sold in large volumes. Its memory sports a capacity of 1 to 4 kByte, explained a spokesperson in NXPs Austrian RFID competence center. Since it is in the market since the mid-nineties, the proprietary 48-bit encoding scheme is not necessarily up to today's requirements. Nevertheless, NXP sees no necessity to modify the encryption.

The spokesperson pointed out that the company also offers other RFID chips with higher security up to Triple DES or AES. "We will inform our customers about the incident", the spokesperson said. But it is the decision of the system integrator or customer if he will continue to rely on the Mifare Classic. "There are certainly applications for which the Classic can be used. We have not plans to withdraw the product from the market."

The spokesperson also pointed out that the Mifare Classic is not used in security-critical applications such as passports or electronic health cards.

The Chaos Computer Club was not available for comment.

No comments:

Post a Comment