A new report has revealed security concerns around RFID smart cards.
A Quarkslab security report published this month exposed a backdoor smart cards used to open office doors and hotel rooms allows instant cloning. The vulnerability in MIFARE Classic smart cards made by China-based leading chip manufacturer Shanghai Fudan Microelectronics Group was found in the public transportation and the hospitality industries. laundry rfid
The MIFARE cards affected belong to the FM11RF08 or FM11RF08S generations used in hotels in the U.S., Europe, China and India. The widely used MIFARE Classic card series was launched in 1994 by Philips and has been subjected to numerous attacks over the years.
As detailed in the report, the security vulnerability allows “card-only” attacks, requiring access only to a card and not the corresponding card reader. The hackers can read and write data in just a few minutes of physical proximity to an affected card, executed instantaneously at scale.
In 2020, the FM11RF08S variant of the MIFARE Classic had specific countermeasures designed to thwart all known card-only attacks, dubbed by the community as “static encrypted nonce.” However, security found the cards’ keys can be cracked in a few minutes if they are being reused across at least three sectors or three cards via a hardware backdoor that allows authentication with an unknown key.
The FM11RF08S backdoor allows anyone with knowledge to compromise all user-defined keys, even when fully diversified. A similar backdoor with a different key was found in the previous card generation, FM11RF08, as well as other models from the same vendor and even some old cards from NXP Semiconductors and Infineon Technologies.
The Quarkslab report follows the findings from a team of security researchers published earlier this year revealed a hotel keycard hacking technique they call Unsaflok. The technique exposes a collection of security vulnerabilities that would allow a hacker to open several models of Saflok-brand RFID-based keycard locks sold by lock maker Dormakaba.
The Saflok systems are installed on three million doors worldwide, inside 13,000 properties in 131 countries. The researchers exploited weaknesses in both Dormakaba’s encryption and the underlying RFID system used, with the MIFARE Classic card, according to Ian Carroll and Lennert Wouters. They started by obtaining any keycard from a target hotel—new or used—in order to read a certain code from that card with a $300 RFID read-write device. After writing two keycards of their own, they were able to first rewrite a certain piece of the lock’s data and then open it.
Dormakaba officials have been working since early last year to make hotels that use Saflok aware of their security flaws and to help them fix or replace the vulnerable locks. Given that the locks aren’t connected to the internet and some older locks will still need a hardware upgrade, they say the full fix will still likely take months longer to roll out, perhaps years.
Tagged with: Hotel, MIFARE Classic, Qurakslab, Shanghai Fudan Microelectronics Group, Smart Cards
James Hickey, Managing Editor, RFID Journal [email protected]
Claire Swedberg, Senior Editor, RFID Journal [email protected] +1 (360) 466-1562
James Hickey, Managing Editor, RFID Journal [email protected]
Claire Swedberg Senior Editor, RFID Journal [email protected] +1 (360) 466-1562
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY
rfid key tags You must be logged in as a registered user to access. Not a registered user? Sign up for basic membership for free here.