http://www.inrich.com/cva/ric/news.apx.-content-articles-RTD-2008-03-09-0127.html By Brian McNeill MEDIA GENERAL NEWS SERVICE March 09, 2008 A University of Virginia graduate student and two fellow hackers say they have cracked the encryption code used to protect millions of wireless "smartcards" in use across the globe. With readily available equipment that cost under $1,000, Karsten Nohl, 26, and his two Germany-based partners say they dismantled a tiny chip found inside many smartcards and mapped out its secret security algorithm. With the cryptographic formula in hand, the hackers were then able to run it through a computer program that tried out every possible key. It broke the encryption after a few hours. If they were to try again, Nohl said, it would take a matter of minutes. "I don't want to help attackers, but I want to inform people about the vulnerabilities of these cards," said Nohl, a doctoral candidate in computer engineering at U.Va. who is originally from Germany. Wireless chips, which employ technology known as radio-frequency identification, or RFID, are found inside most modern credit cards, car keys, security keycards and subway passes. The chips send an encoded numeric signal to the reading device, which allows the user to wave their card to gain access to secure buildings, remotely unlock a car, pay for public transportation and much more. The popular chip that the trio "dissected" is called the MiFare Classic RFID chip and is manufactured by NXP Semiconductors, a Netherlands-based company. Nohl and his colleagues found that it was fairly easy to crack the RFID chip's code. The three computer whizzes announced their findings at the Chaos Communications Congress in Berlin, an annual worldwide convention of hackers. They are not releasing the details of how they beat the chip's security code. But, Nohl added, it is possible that criminals might also have done so. Manuel Albers, director of regional marketing for North and South America for NXP, disputed that Nohl and his compatriots breached the chip's security, as they obtained only a portion of the cryptographic algorithm. In fact, he said, the company's chips have multiple layers of security and are not in danger of being totally compromised. The company has been in contact with Nohl and his team and is reviewing their findings, he said. "We constantly improve and review our products to make sure it's up to snuff with the latest security threats," he said. Moreover, Albers said, NXP manufactures chips with a range of security levels from zero to substantial protection. The chip examined by Nohl was a relatively simple version with little security, he said. In a statement, NXP added that the MiFare Classic "is not used in banking, payment, nor automotive security applications anywhere in the world. The MiFare Classic is predominately used in automatic fare collection applications and access control applications." Projects such as hacking the security code of an RFID chip are the "evil twin" of Nohl's regular research, he said, which focuses on the development of cryptographic algorithms for computer security. Nohl's faculty advisor, David Evans, an associate professor in U.Va.'s School of Engineering and Applied Science, said in a statement that exposing security flaws through hacking helps ensure that future products are more secure. Hacking, Nohl said, refers to the practice of investigating the internal processes of computing technology. It is often mistaken for "cracking," he said, which means to break into computer processes for fun, vandalism or profit. Nohl said that a more secure option for RFID security codes would be to rely on publicly known and time-tested security algorithms. NXP's secret code, he said, is an example of "security by obscurity," or the practice of keeping the code private and hoping hackers do not figure it out. Private algorithms, Nohl said, are more likely to have flaws and vulnerabilities. "We found significant vulnerabilities in their algorithm," he said. "By keeping it secret, they hurt themselves in the end." Brian McNeill writes for The Daily Progress in Charlottesville. ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Mon Mar 10 2008 - 23:23:52 PST