Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    All it took was for a University of Virginia student to finally outsmart the popular SMART cards. Karsten Nohl was reported to have successfully broken the encryption code in RFID (or radio frequency identification) chips used in smart cards.

    RFID chips can be used for identifying products using radiowaves. These chips act as tags that can be “read” from a certain distance, even beyond the line of sight of the RFID reader. The use of smart cards has been widely popular and successful especially in Western countries. These all-in-one cards contain personal data of its users, allowing people to conduct a variety of financial and legal transactions.

    Nohl tested the MiFare Classic, an RFID chip manufactured by NXP Semiconductors. MiFare Classic is used by up to 2 billion smart cards globally. Nohl claims that the problem lies within the said card’s weak encryption, and now, he is able to duplicate a typical smart card and use it to open door locks. And all he needs is a laptop, a scanner and quite a short time before he gets to do his thing.

    When asked how long he can do the duplication process, Nohl said he only needs two minutes. Since smart cards use radiowaves, Nohl can just pass by a person with a smart card, and with his laptop and scanner in his backpack, can easily scan the card. He can do the same for a mounted reader. With enough information on his hands, he can determine the cryptographic key and produce a working, duplicate card.

    Sounds very trivial? Most smart cards are used in buses and commuter trains; but if you consider the doors and locks protecting government facilities and other vital installations–now that’s BIG. Falling into the wrong hands, this security loophole can be and will surely be used in high profile heists and break-ins, seemingly straight from a James Bond movie. Companies and organizations should look closely into this development to safeguard their assets as crimes can soon be, literally, knocking on their doorstep.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice