Print 21 comment(s) - last by plinkplonk.. on Jul 1 at 6:35 AM

Rides Free on the London Underground for a day

What does it take to force the Dutch government to deploy armed guards at its public access buildings? How hard is it to hop a free ride on the London Underground?

If you're Radboud University's Bart Jacobs, all that's required is a laptop and a bit of RFID know-how.

Jacobs says that he and his team used a "commercial laptop" to crack the encryption of and clone a widely-deployed Mifare Classic RFID smartcard. Classic cards are often found in office-building access control systems, wireless payment cards, and public transportation ticketing systems used by a number of municipalities worldwide, including the London Underground.

Using a circular antenna and data receiver hooked up to a standard laptop, Jacobs' team was able to download encryption keys from Mifare RFID scanners stationed for ordinary use. They were then able to steal smartcard data by waving the antenna -- which looks like a loopy wand -- within a couple of inches of a legitimate card carrier, a process called "skimming". Using sleight-of-hand techniques usually practiced by pickpockets, the process of scanning a victim with the wand can be done without their knowledge.

RFID smartcards transmit data wirelessly over a low-strength signal usually limited to a couple of feet. A video describing the process used for the Classic cards, originally discovered in April, was posted to YouTube.

Jacobs' team tested the hack in two scenarios: entering restricted-access areas of public-access, government buildings in the Netherlands and hopping a day's worth of free rides on London's subway system. Both tests ended successfully.

The Dutch government says it has embarked on a campaign to replace the smartcards of its entire workforce since learning of the attack, and stationed armed guards outside all its buildings. Over 120,000 smartcards will have to be replaced, at a cost of "about €5 ($8 USD) for each card."

"We take this extremely seriously," said a spokesman for the Dutch Interior Ministry. "It’s a national security issue."

The Times Online notes that over ten million of the Mifare smartcards are sold in the UK each year, including six million given to pensioners for free access to public transportation. CNET's Defense in Depth says that the same model smartcards are used in Boston transit's CharlieCard reusable ticket system, as well as public transportation systems in Beijing, Madrid, Hong Kong, Bangkok, and New Delhi. While newer, more secure systems are out, writes blogger Robert Vamosi, there are still half a billion Classic smartcards in use worldwide.

The team's page on Radboud University's website says that they are not aware of any technical solutions, short of replacing applicable systems, for fixing the Classic's vulnerabilities.

"The cryptography is simply not fit for purpose," said security researcher Adam Laurie. "It’s very vulnerable and we can expect the bad guys to hack into it soon, if they haven’t already."

"You only have to walk down the street to see contactless access control systems everywhere ... it used to be a magnetic strip, now it’s a card held up to a reader on the wall. A large percentage of these will have Mifare technology and are very vulnerable to attack. They should all be replaced."

With RFID finding an increasing amount of use worldwide -- including in the United States, where it's seeing use in the next and latest generations of U.S. passports -- privacy advocates are voicing their concern over the technology, which can often be read at distances over 20 feet and can contain sensitive biometric data. Recent legislation in the state of Washington outlawed the practice of "skimming" for the purposes of identity theft and fraud, but critics argue that the law will do little to actually stop the practice.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Solution is very inexpensive
By waltaugust on 6/27/2008 10:21:28 AM , Rating: 2
A simple solution would be to block the skimming of the card. Identity Stronghold makes a Secure Sleeve(tm) that you keep your card or passport in and it blocks all RF communication with the chip. The US Federal Government uses it on their employee ID cards. They also have a Secure Badgeholder that can block the RF while leaving the face of the card visible. You can see them on

RE: Solution is very inexpensive
By JasonMick on 6/27/2008 12:01:52 PM , Rating: 5
Yes, but at some point if the card is to be used, you have to take it out of its secure sleeve. Its not hard to imagine an employee taking their card out and then forgetfully leaving it in your pocket. I'd imagine if you skimmed 5 or 6 employees who used such cards regularly, one would have done such.

In a way such measures might worsen things, because they create a false sense of security.

The only resolution is better cryptography and redesign.

RE: Solution is very inexpensive
By HighWing on 6/27/2008 3:53:56 PM , Rating: 3
Its not hard to imagine an employee taking their card out and then forgetfully leaving it in your pocket.

I can't help but think this is very similar to the scenario where an employee writes down a password on a sticky note and leaves it by their computer.

And in that case the fault/blame lies with the employee

RE: Solution is very inexpensive
By TomCorelis on 6/28/2008 6:07:41 AM , Rating: 2
Honestly, I find myself doing that with my ATM card and its paper sleeve all the time. I'll get home, empty out my pockets, and realize I lazily forgot to put the card back into its sleeve in my wallet. Sometimes, one will be smooshed in there right in front of the other.

RE: Solution is very inexpensive
By JustTom on 6/28/2008 6:42:21 PM , Rating: 2
While it might be the fault of the employee the fact is it still leaves an easily exploitable vulnerability. If you have 200 employees using a particular access point I can guarentee someone will leave their card out of its protective sleeve.

RE: Solution is very inexpensive
By Sunbird on 6/27/2008 12:16:47 PM , Rating: 2
Just what is wrong with a magnetic strip card? Why do the cards HAVE to be RFID?

That's even a cheaper and more effective solution...

RE: Solution is very inexpensive
By tdawg on 6/27/2008 1:22:04 PM , Rating: 2
Correct me if I'm wrong, but if we were to use magnetic readers, we wouldn't be able to keep our access cards in our wallets, along with our credit/debit cards, and scan the card without taking it out of our wallet.

RE: Solution is very inexpensive
By Sunbird on 6/27/2008 1:32:26 PM , Rating: 2
No, you are correct.

There are other ways to solve that convenience problem, but I guess it will never be as convenient. But like with any PC security, the more secure, the less convenient in some manner*.

*DailyTech can quote me on that. If Rush can be quoted, I can too :p

By plinkplonk on 7/1/2008 6:35:49 AM , Rating: 2
FFS!!!!! YOU ARE SO LAZY - it takes two seconds to take it out scan it and put it back in. why is everyone in the world so focused on doing as little for themselves as possible?

RE: Solution is very inexpensive
By neothe0ne on 6/27/2008 3:17:54 PM , Rating: 2
Cell phones?

RE: Solution is very inexpensive
By TSS on 6/27/2008 7:20:09 PM , Rating: 3
no see, the solution isn't inexpensive. first, a commitee has to be appointed to find out whats wrong with the current system, then a comittee has to be appointed to appoint the new order to a company (which *will* be given to a friend of the chairman via some way), as there are multiple company's gunning for the order they haved to be screened and determined by said comittee(s), by which time enough money will have been burned to replace the system 3 times.

and once a company has been decided upon, usually several so that everybody get's a piece, the project will be delayed several times due to internal miscommunication until it's considered a faillure and will be replaced by the next project.

the dutch, though i'm proud to be one, aren't good at managing big projects. the betuwelijn is a railroad from the west of holland to germany, calculated cost 1 billion, final cost 5 billion. today there was a news message on a dutch techsite about the UWV, the orginazation that handles unempoyment and such, had burned 87 million euro's on a system which was eventually to complex to be used and had to be abandoned. and this hacked news, isn't news to us. these things have been hacked through several times now, yet the dutch goverment will still implement this technology for our public transportation, like in london (called the OV chipkaart). within a timeframe which guarrantee's faillure.

only thing where good at is making money, not spending it :P

"Spreading the rumors, it's very easy because the people who write about Apple want that story, and you can claim its credible because you spoke to someone at Apple." -- Investment guru Jim Cramer
Related Articles

Most Popular ArticlesSmartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
UN Meeting to Tackle Antimicrobial Resistance
September 21, 2016, 9:52 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Update: Problem-Free Galaxy Note7s CPSC Approved
September 22, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki