Print 21 comment(s) - last by plinkplonk.. on Jul 1 at 6:35 AM

Rides Free on the London Underground for a day

What does it take to force the Dutch government to deploy armed guards at its public access buildings? How hard is it to hop a free ride on the London Underground?

If you're Radboud University's Bart Jacobs, all that's required is a laptop and a bit of RFID know-how.

Jacobs says that he and his team used a "commercial laptop" to crack the encryption of and clone a widely-deployed Mifare Classic RFID smartcard. Classic cards are often found in office-building access control systems, wireless payment cards, and public transportation ticketing systems used by a number of municipalities worldwide, including the London Underground.

Using a circular antenna and data receiver hooked up to a standard laptop, Jacobs' team was able to download encryption keys from Mifare RFID scanners stationed for ordinary use. They were then able to steal smartcard data by waving the antenna -- which looks like a loopy wand -- within a couple of inches of a legitimate card carrier, a process called "skimming". Using sleight-of-hand techniques usually practiced by pickpockets, the process of scanning a victim with the wand can be done without their knowledge.

RFID smartcards transmit data wirelessly over a low-strength signal usually limited to a couple of feet. A video describing the process used for the Classic cards, originally discovered in April, was posted to YouTube.

Jacobs' team tested the hack in two scenarios: entering restricted-access areas of public-access, government buildings in the Netherlands and hopping a day's worth of free rides on London's subway system. Both tests ended successfully.

The Dutch government says it has embarked on a campaign to replace the smartcards of its entire workforce since learning of the attack, and stationed armed guards outside all its buildings. Over 120,000 smartcards will have to be replaced, at a cost of "about €5 ($8 USD) for each card."

"We take this extremely seriously," said a spokesman for the Dutch Interior Ministry. "It’s a national security issue."

The Times Online notes that over ten million of the Mifare smartcards are sold in the UK each year, including six million given to pensioners for free access to public transportation. CNET's Defense in Depth says that the same model smartcards are used in Boston transit's CharlieCard reusable ticket system, as well as public transportation systems in Beijing, Madrid, Hong Kong, Bangkok, and New Delhi. While newer, more secure systems are out, writes blogger Robert Vamosi, there are still half a billion Classic smartcards in use worldwide.

The team's page on Radboud University's website says that they are not aware of any technical solutions, short of replacing applicable systems, for fixing the Classic's vulnerabilities.

"The cryptography is simply not fit for purpose," said security researcher Adam Laurie. "It’s very vulnerable and we can expect the bad guys to hack into it soon, if they haven’t already."

"You only have to walk down the street to see contactless access control systems everywhere ... it used to be a magnetic strip, now it’s a card held up to a reader on the wall. A large percentage of these will have Mifare technology and are very vulnerable to attack. They should all be replaced."

With RFID finding an increasing amount of use worldwide -- including in the United States, where it's seeing use in the next and latest generations of U.S. passports -- privacy advocates are voicing their concern over the technology, which can often be read at distances over 20 feet and can contain sensitive biometric data. Recent legislation in the state of Washington outlawed the practice of "skimming" for the purposes of identity theft and fraud, but critics argue that the law will do little to actually stop the practice.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Solution is very inexpensive
By HighWing on 6/27/2008 3:53:56 PM , Rating: 3
Its not hard to imagine an employee taking their card out and then forgetfully leaving it in your pocket.

I can't help but think this is very similar to the scenario where an employee writes down a password on a sticky note and leaves it by their computer.

And in that case the fault/blame lies with the employee

RE: Solution is very inexpensive
By TomCorelis on 6/28/2008 6:07:41 AM , Rating: 2
Honestly, I find myself doing that with my ATM card and its paper sleeve all the time. I'll get home, empty out my pockets, and realize I lazily forgot to put the card back into its sleeve in my wallet. Sometimes, one will be smooshed in there right in front of the other.

RE: Solution is very inexpensive
By JustTom on 6/28/2008 6:42:21 PM , Rating: 2
While it might be the fault of the employee the fact is it still leaves an easily exploitable vulnerability. If you have 200 employees using a particular access point I can guarentee someone will leave their card out of its protective sleeve.

"There is a single light of science, and to brighten it anywhere is to brighten it everywhere." -- Isaac Asimov
Related Articles

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki