Millions of RFID Cards Vulnerable to Instant Cloning
Amsterdam, Thursday, 29 August 2024.
A hardware backdoor discovered in MIFARE-compatible chips, manufactured by Shanghai Fudan Microelectronics, allows attackers to clone RFID cards used in public transport and hotels worldwide within minutes. This vulnerability affects millions of cards, posing significant security risks for users and organizations.
Discovery and Implications
The hardware backdoor was discovered by researchers at Quarkslab, a cybersecurity firm based in Paris. Philippe Teuwen, a prominent researcher at the firm, documented the vulnerabilities in the FM11RF08S variant of the MIFARE Classic card family. These cards are widely used in public transport systems, such as the Dutch OV-chipkaart, and in the hospitality industry, affecting hotels in the United States, Europe, China, and India. The backdoor allows attackers to compromise user-defined keys within minutes, enabling unauthorized access and card cloning[1][2].
Technical Details and Vulnerabilities
The FM11RF08S cards, manufactured by Shanghai Fudan Microelectronics Group, were designed with countermeasures against known attacks. However, the researchers found that these countermeasures are ineffective due to the presence of a hardware backdoor. This backdoor permits authentication with an unknown key, compromising all user-defined keys even when they are fully diversified. The vulnerability allows ‘card-only’ attacks, enabling hackers to clone cards without needing access to the corresponding card reader. The compromised cards can lead to unauthorized access to secure locations and potential financial losses for transport companies and hotels[2][3][4].
Impact on Public Transport and Hospitality
The Dutch public transport system, which relies on the OV-chipkaart, uses MIFARE-compatible chips. Translink, the company behind the OV-chipkaart, has acknowledged the breach but maintains that the transport cards are safe. Despite these assurances, the discovery raises concerns about the security of millions of cards in circulation. In the hospitality sector, the vulnerability affects Saflok systems, which secure approximately three million doors across 13,000 properties worldwide. Researchers Ian Carroll and Lennert Wouters demonstrated how a $300 RFID read-write device could be used to clone hotel keycards, exposing significant security flaws in these systems[1][2][3][5].
Call for Immediate Action
Experts recommend an immediate investigation to identify vulnerable cards and consider switching to more secure alternatives, such as the Infineon SLE-66R35 chip. This chip features enhanced security measures, but migration will require time and investment. Both transportation companies and hospitality providers must take swift action to mitigate the financial and security risks posed by these vulnerabilities. Consumers and businesses are urged to be aware of these risks and take protective measures to safeguard their assets and personal information[1][2][3].
Future of Secure RFID Systems
The discovery of these vulnerabilities underscores the need for continuous improvement in RFID security. While MIFARE Classic cards have been known to be insecure for over a decade, newer technologies like MIFARE DESFire offer more robust security features. The industry must prioritize transitioning to these safer alternatives to prevent further exploitation. Additionally, integrating biometric sensors and robust encryption methods can enhance the overall security of RFID systems, ensuring that both public and private sectors are better protected against future threats[4][5].
Bronnen
- innovationorigins.com
- www.rfidjournal.com
- news.ycombinator.com
- www.securityweek.com
- securityaffairs.com