Another RFID smart card vulnerability exposed
Just two months after a judge barred a group of MIT students from disclosing vulnerabilities discovered in Boston's CharlieCard fare collection system, another group, this time from the Netherlands, has published instructions for cracking the cryptographic cypher used to secure the world's most popular transit system smart card.
The Dutch team of researchers presented the results [PDF] of their experiments with NXP Semiconductor's Mifare Classic card at the Esorics security conference Monday in Malaga, Spain. As a Dutch affiliate of Infoworld reports, the team created a device to analyze the communication between the Mifare card and a reader. They then identified partial strings of the code given off by the reader as part of its digital handshake with the card, opening the door to cracking the cypher. It all sounds like something from the current season of Prison Break[Hulu], if you ask me.