[dupe]
Blog post: https://blog.quarkslab.com/mifare-classic-static-encrypted-n...
Discussion: https://news.ycombinator.com/item?id=41269249
Ironic that an article on cloning has a dupe.
It is really important when evaluating RFID access control systems to understand that most of the card types are designed to be replicated. Most of the cards printed commercially are "fused" for write-once enumeration, but that pertains to the physical card only. Another card can very easily be written with the same number with the proper hardware, or a different sort of hardware may be made to broadcast the same identifier as the card.
A backdoor is one thing, but the technology is paper-thin when used alone.
RFID is an inexpensive thing-monitoring platform, great for tracking goods in a process (manufacturing or in some cases, warehousing) but it should not be relied upon as the only layer in a security solution.
Well, Mifare Classic has been known to be vulnerable for almost 15 years now. The technology isn't quite "paper thin" when using card types that aren't trivially clonable (such as DESFire and iClass SE).
True, but MIFARE Classic is not an RFID system under that definition. It supports cryptographic mutual authentication (although notably the scheme has been pretty much completely destroyed from a security point of view over the years).
The title is quite misleading (at least for people in the field).
Pet peeve: RFID is a bit of a misnomer for electronic lock cards, at least for those complex enough to actually be capable of having a backdoor.
RFID identifies; MIFARE and similar cards also mutually authenticate and/or store data securely (or not so securely when using MIFARE Classic or clones, such as this one).
Earlier discussion: https://news.ycombinator.com/item?id=41269249
Is this an actual backdoor, as in, put in there on purpose by the manufacturer? Sure sounds like it.
"Additional research revealed a hardware backdoor that allows authentication with an unknown key. Teuwen then used the new attack to obtain (“crack”) that secret key and found it to be common to all existing FM11RF08S cards."
Static key, decrypts all cards of a given model regardless of user stored keys? Yep, it's a backdoor.
Basically there's a master key that allows reading blocks that are supposed to be unreadable.
> put in there on purpose by the manufacturer
Hard to prove "on purpose" either way; my guess is it was for debugging.
If they put it there for debugging it certainly qualifies as "on purpose". No matter what the reasoning behind it was.
Technically. I'm saying there's a huge difference between what a layman might read as "large org conspires to spy" and a possible dull reality of "some engineer neglects to remove convenience feature".
40 years ago, maybe. Today, no.
(but hey, taking CrowdStrike into account, everything is possible)
made by China-based Shanghai Fudan Microelectronics
> After this second secret key was also cracked it was discovered that the key is common to all FM11RF08 cards, as well as other models from the same vendor (FM11RF32, FM1208-10), and even some old cards from NXP Semiconductors and Infineon Technologies.
Even the ones not made by a Chinese company had the same backdoor. Perhaps, the original design had this backdoor and the manufacturers simply implemented the design. NXP is Dutch. Infineon is German.
It could be in the software layer too. Modern smartcards have 'applets' that can run custom code. The cards themselves tend to be quite generic. This can even be in high-level languages like Java or BASIC.
So if the code was there it's not the fault of the card manufacturer but the applet developer.