Experts crack widely used smartcard
A team of German researchers has cracked a common smartcard used in transportation and security systems around the world with equipment that costs just a few thousand euros.
David Oswald and Christoph Paar, both expert hackers at the Ruhr University Bochum, who work to uncover flaws in hi-tech security systems, made the announcement in a study published this week.
In the study they said they managed to crack the DESFire MF3ICD40 RFID cards, used in transportation systems including in the Czech Republic, United States and Australia, using non-invasive and non-detectable measures.
Their discovery could mean unscrupulous hackers could duplicate the data on the cards and ride transportation networks for free, or even break into buildings being protected by the cards.
In a statement in response to the study, the cards’ manufacturer NXP confirmed the study’s results, but said an attack on smart cards would be complex and difficult to replicate, but it said customers should switch to a different version.
It added it was discontinuing the MF3ICD40 by the end of the year and recommended customers use a more secure version.
This is just the latest in a series of hacks on security systems by researchers affiliated with the Ruhr University, which runs one of the largest IT security institutes in Europe.
In 2008 they were able to crack keyless security systems that are used to protect many cars and buildings, leading companies to invest millions of euros in security upgrades.
The Local/mdm
Comments
See Also
David Oswald and Christoph Paar, both expert hackers at the Ruhr University Bochum, who work to uncover flaws in hi-tech security systems, made the announcement in a study published this week.
In the study they said they managed to crack the DESFire MF3ICD40 RFID cards, used in transportation systems including in the Czech Republic, United States and Australia, using non-invasive and non-detectable measures.
Their discovery could mean unscrupulous hackers could duplicate the data on the cards and ride transportation networks for free, or even break into buildings being protected by the cards.
In a statement in response to the study, the cards’ manufacturer NXP confirmed the study’s results, but said an attack on smart cards would be complex and difficult to replicate, but it said customers should switch to a different version.
It added it was discontinuing the MF3ICD40 by the end of the year and recommended customers use a more secure version.
This is just the latest in a series of hacks on security systems by researchers affiliated with the Ruhr University, which runs one of the largest IT security institutes in Europe.
In 2008 they were able to crack keyless security systems that are used to protect many cars and buildings, leading companies to invest millions of euros in security upgrades.
The Local/mdm
Join the conversation in our comments section below. Share your own views and experience and if you have a question or suggestion for our journalists then email us at [email protected].
Please keep comments civil, constructive and on topic – and make sure to read our terms of use before getting involved.
Please log in here to leave a comment.