http://news.cnet.com/8301-1009_3-10059605-83.html By Elinor Mills Security CNET News October 6, 2008 Want to ride the subway for free without having to jump the turnstiles? Well, as of Monday, you'll be able to do that by making a fake transit card. A scientific paper detailing the security flaws in the Mifare Classic wireless smart card chip used in transit systems around the world is being published by the Radboud University Nijmegen. And a researcher at Humboldt University in Berlin has published a full implementation of the algorithm (PDF) [1]. "Combining these two pieces of information, attacks can now be implemented by anyone," RFID researcher Karsten Nohl told CNET News. "All it takes is a $100 (card) reader and a little software." Armed with the information in the papers, someone could steal the secret key from a Mifare Classic-based transit card and create a clone of it. As seen in a demonstration [2], data was collected wirelessly by merely brushing a card reader past someone carrying a card. The data was then used to create a fresh transit card that permitted free access to the London subway. Subway systems in Amsterdam, Boston, and Beijing, among other cities, are also susceptible, as are building access control systems in Europe. [1] http://sar.informatik.hu-berlin.de/research/publications/SAR-PR-2008-21/SAR-PR-2008-21_.pdf [2] http://news.cnet.com/8301-10789_3-9978486-57.html [...] __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/Received on Mon Oct 06 2008 - 22:26:31 PDT
This archive was generated by hypermail 2.2.0 : Mon Oct 06 2008 - 22:37:01 PDT