German researchers crack RFID smartcard encryption

German researchers have cracked the encryption used to protect a type of smartcard whose functions range from restricting access to buildings to processing public transit system payments. The team demonstrated a hack that can duplicate the magnetic security card and break a previous version of contactless ID cards from Mifare in 2008, The Hacker News reported. "The new hack is carried out using a side channel attack, which bypasses the defensive features intended to prevent attacks on the card. To achieve this, the researchers made repeated measurements of electricity consumption during encryption and decryption. This can be determined by measuring the magnetic field close to the card," The Hacker News said. It was this same team that broke a previous version of contactless-ID cards from Mifare in 2008. At the time, the intrusion prompted Mifare to upgrade its security to create a card able to be programmed only once. The upgrade also contained a unique identifying number that could be checked against the programmed content on the card for extra security. A separate article on IT World identified the researchers who worked on both cracks as David Oswald and Christof Paar at Ruhr University in Germany. In their cracks, the team used a probe and oscilloscope to record the card's broadcasts while it's being read by and RFID reader. The researchers needed about seven hours to crack the security on one card and get its 112-bit encryption key, the IT World article said. However, they said it only works if one spent months profiling the card's architecture, behavior and responses. They also noted the weak point for the MF31CD40 – and many of NXD's other cards, which were the ones cracked – is that it does little or nothing to resist being recorded, prodded and poked by crackers. The EV1 upgrade to that card has an on-chip backup management systems, an authentication mechanism that uses three separate authentication methods, encryption based on the 3DES hardware encryption that meets security requirements for most U.S. government agencies, but is compatible with existing systems designed to read the card using Near Field Communications (NFC) radio systems. "That probably means it does not yet contain any countermeasures able to stave off determined crackers poking it to see how it reacts," IT WOrld said. — TJD, GMA News