NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0484 MiFare RFID Crack Grows:
The ubiquitous MiFare Classic RFID chip - used daily by millions worldwide in access control keys,
subway passes, and other applications - is even easier to crack than previously thought, according
to security researchers who announced the development Monday at the International cryptography
conference EuroCrypt in Istanbul. Mere seconds are all that is required to crack the chip's security -
not a few hours, as estimated last month. A computer science graduate student and one of the
masterminds behind reverse-engineering MiFare security, said in an interview that it now takes only 12
seconds to recover the key on a MiFare Classic card on an ordinary laptop. There is no need for the
attacker to interact actively with the physical card itself. Passive eavesdropping suffices; the attack
can take place from a distance. Researchers say a passive attack from 30 feet away would take a little
bit longer than an active attack. On Monday, the Dutch government issued a final report arriving at the
decisive conclusion that the chips, used by millions of citizens in the Netherlands, must be
replaced.
(ComputerWorld 15APR08)