HAR2009 - PREVIEW

Hacking at Random
Hacking happens

Speakers
Roel Verdult
Schedule
Day Friday - 2009-08-14
Room Monty Hall
Start time 13:00
Duration 01:00
Info
ID 36
Event type Lecture
Track
Language used for presentation English
Feedback

Classic Mistakes

Mistakes made with the Mifare Classic

This lecture gives a broad overview of the vulnerabilities that exists in MIFARE Classic products and the way they are used by system integrators.

The MIFARE Classic tag is a contactless smart card that is used extensively in access control for office buildings, payment systems for public transport and other security related applications. The security mechanisms of this chip were reversed engineered in 2008 by independent researchers. Using the knowledge of the CRYPTO1 cipher, multiple cryptographic attacks were proposed. The Chaos Computer Club, University of Virginia and the Radboud University Nijmegen released several scientific papers and seminars covering this topic. The attacks all differ in speed, requirements, costs and impact.

This lecture gives a broad overview of the vulnerabilities that exists in MIFARE Classic products and the way they are used by system integrators. During this presentation the publicly available documentation, hardware and source-code is combined into an impressive overview of security vulnerabilities. Furthermore, a real life demonstration will recover the keys from a genuine MIFARE Classic tag within seconds using just an inexpensive stock commercial NFC reader (30 USD). This lecture summarizes the classic mistakes that were made in 1994, the year that MIFARE was born.