Experts in Bochum have cracked one of the most-used smart cards in the world - allowing them to clone it or even change its value. The card's producer says a more secure successor is already on the market.
RFID smart cards are used in many subways worldwide
From subway stations and buses to cafeterias, smart cards have become one of the fastest ways to pay. Thanks to radio frequency identification (RFID), the cards have been adopted by transport authorities in Prague, Melbourne, San Francisco and many transit systems worldwide.
But researchers in Bochum, in western Germany, have now proven that the cards aren't fail-safe.
In April, the team alerted NXP, producer of the widely used DESFire MF3ICD40 smart card, that it had successfully hacked the card.
For security reasons the research group of the Chair for Embedded Security at Ruhr University Bochum, led by Christof Paar, waited several months before publishing the attack. They publicly announced their results last month at a security conference in Japan.
"Our NXP communication had been confidential," Paar told Deutsche Welle.
The procedure revealed the card's "secret key," which Paar likened to its DNA. That allowed researchers to alter the balance of the money on the card or even clone an extra card - or several.
"We just load this crypto-key into this card, and it behaves one-to-one like the same card," he said.
NXP says a more secure smart card is already available
One step ahead
NXP issued a press release on its website in late September, saying it was aware of the security breach. The company said it had already contacted its customers and repeated its recommendation that they upgrade to a new, more secure smart card: the MIFARE DESFire EV1.
The newer card is impervious to the attack used by Paar's team. And long before the hack, NXP had told its customers it would be scrapping the older, less secure model at the end of 2011.
"We announced the discontinuation in June 2010," NXP spokesman Michael Maader told Deutsche Welle. "So most of our customers had already migrated to the new solution."
He described the hack as a "highly sophisticated attack on a rather old card," and the company said it would take hours or even days to crack the key for a single card.
Meanwhile, a person would still have to steal someone's wallet to get their hands on a loaded smart card.
A high-tech hack
Yet although a successful hack requires expert knowledge, it only entails basic equipment worth a few thousand euros.
The Bochum team needed four main components: the card itself, a radio frequency identification reader, a probe and an oscilloscope, an electronic observation device.
Paar said the technique researchers used to break the cryptography was more standard than it was original. But he acknowledged the actual procedure - which takes between three and seven hours - was actually "pretty elaborate."
His team hacked into the smart card by prompting it to complete a computation and measuring the power consumed as a result, usage that changes depending on the card's cryptography.
The procedure doesn't damage the card, according to NXP, because the card doesn't realize it is being attacked.
By examining fluctuations in the electromagnetic field, researchers were able to tease out the card's 112-bit key, a binary string of zeros and ones.
"If you know that number, you can access the card and change the value," Paar said. His team then put this bit of digital rewriting into action using transport smart cards for the Prague Metro.
RFID stands for 'radio frequency identification'
Whether systems that use RFID cards can detect fraudulent activity depends on the kind of back-end security companies have put in place.
One method involves tracking account activity via "shadow accounts," an extra record of payment information that is not stored on the card. With this system, Paar said, if a user were to deposit $20 on a card, that payment would be noted on the card itself and separately.
In the event that card was lost, cloned and its value manipulated to show a positive balance of $120 instead of $20, the card-reading system would notice the discrepancy and could blacklist the card.
Yet ultimately, those elements are left up to the companies that buy the smart cards.
"It all depends on how the system is implemented by the customers," Paar said.
Author: Amanda Price
Editor: Cyrus Farivar