All it took was for a University of Virginia student to finally outsmart the popular SMART cards. Karsten Nohl was reported to have successfully broken the encryption code in RFID (or radio frequency identification) chips used in smart cards.
RFID chips can be used for identifying products using radiowaves. These chips act as tags that can be “read” from a certain distance, even beyond the line of sight of the RFID reader. The use of smart cards has been widely popular and successful especially in Western countries. These all-in-one cards contain personal data of its users, allowing people to conduct a variety of financial and legal transactions.
Nohl tested the MiFare Classic, an RFID chip manufactured by NXP Semiconductors. MiFare Classic is used by up to 2 billion smart cards globally. Nohl claims that the problem lies within the said card’s weak encryption, and now, he is able to duplicate a typical smart card and use it to open door locks. And all he needs is a laptop, a scanner and quite a short time before he gets to do his thing.
When asked how long he can do the duplication process, Nohl said he only needs two minutes. Since smart cards use radiowaves, Nohl can just pass by a person with a smart card, and with his laptop and scanner in his backpack, can easily scan the card. He can do the same for a mounted reader. With enough information on his hands, he can determine the cryptographic key and produce a working, duplicate card.
Sounds very trivial? Most smart cards are used in buses and commuter trains; but if you consider the doors and locks protecting government facilities and other vital installations–now that’s BIG. Falling into the wrong hands, this security loophole can be and will surely be used in high profile heists and break-ins, seemingly straight from a James Bond movie. Companies and organizations should look closely into this development to safeguard their assets as crimes can soon be, literally, knocking on their doorstep.