Sudantha_s
03-26-2008, 09:07 PM
A University of Virginia graduate student and two fellow hackers say they have cracked the encryption Relevant Products/Services code used to protect millions of wireless "smartcards" in use across the globe.
With readily available equipment Relevant Products/Services that cost under $1,000, Karsten Nohl, 26, and his two Germany-based partners say they dismantled a tiny chip found inside many smartcards and mapped out its secret security Relevant Products/Services algorithm.
With the cryptographic formula in hand, the hackers were then able to run it through a computer program that tried out every possible key. It broke the encryption after a few hours. If they were to try again, Nohl said, it would take a matter of minutes.
"I don't want to help attackers, but I want to inform people about the vulnerabilities of these cards," said Nohl, a doctoral candidate in computer engineering at U.Va. who is originally from Germany.
Wireless chips, which employ technology known as radio-frequency identification, or RFID, are found inside most modern credit cards, car keys, security keycards and subway passes. The chips send an encoded numeric signal to the reading device, which allows the user to wave their card to gain access to secure buildings, remotely unlock a car, pay for public transportation and much more.
The popular chip that the trio "dissected" is called the MiFare Classic RFID chip and is manufactured by NXP Semiconductors, a Netherlands-based company.
Nohl and his colleagues found that it was fairly easy to crack the RFID chip's code.
The three computer whizzes announced their findings at the Chaos Communications Congress in Berlin, an annual worldwide convention of hackers. They are not releasing the details of how they beat the chip's security code. But, Nohl added, it is possible that criminals might also have done so.
Manuel Albers, director of regional marketing for North and South America for NXP, disputed that Nohl and his compatriots breached the chip's security, as they obtained only a portion of the cryptographic algorithm. In fact, he said, the company's chips have multiple layers of security and are not in danger of being totally compromised.
The company has been in contact with Nohl and his team and is reviewing their findings, he said.
"We constantly improve and review our products to make sure it's up to snuff with the latest security threats," he said.
Moreover, Albers said, NXP manufactures chips with a range of security levels from zero to substantial protection. The chip examined by Nohl was a relatively simple version with little security, he said.
With readily available equipment Relevant Products/Services that cost under $1,000, Karsten Nohl, 26, and his two Germany-based partners say they dismantled a tiny chip found inside many smartcards and mapped out its secret security Relevant Products/Services algorithm.
With the cryptographic formula in hand, the hackers were then able to run it through a computer program that tried out every possible key. It broke the encryption after a few hours. If they were to try again, Nohl said, it would take a matter of minutes.
"I don't want to help attackers, but I want to inform people about the vulnerabilities of these cards," said Nohl, a doctoral candidate in computer engineering at U.Va. who is originally from Germany.
Wireless chips, which employ technology known as radio-frequency identification, or RFID, are found inside most modern credit cards, car keys, security keycards and subway passes. The chips send an encoded numeric signal to the reading device, which allows the user to wave their card to gain access to secure buildings, remotely unlock a car, pay for public transportation and much more.
The popular chip that the trio "dissected" is called the MiFare Classic RFID chip and is manufactured by NXP Semiconductors, a Netherlands-based company.
Nohl and his colleagues found that it was fairly easy to crack the RFID chip's code.
The three computer whizzes announced their findings at the Chaos Communications Congress in Berlin, an annual worldwide convention of hackers. They are not releasing the details of how they beat the chip's security code. But, Nohl added, it is possible that criminals might also have done so.
Manuel Albers, director of regional marketing for North and South America for NXP, disputed that Nohl and his compatriots breached the chip's security, as they obtained only a portion of the cryptographic algorithm. In fact, he said, the company's chips have multiple layers of security and are not in danger of being totally compromised.
The company has been in contact with Nohl and his team and is reviewing their findings, he said.
"We constantly improve and review our products to make sure it's up to snuff with the latest security threats," he said.
Moreover, Albers said, NXP manufactures chips with a range of security levels from zero to substantial protection. The chip examined by Nohl was a relatively simple version with little security, he said.