Critical Flaw in Millions of RFID Cards: Instant Cloning Vulnerability Revealed
Quarkslab, a French security services firm, has uncovered a severe security issue in millions of contactless RFID cards produced by Shanghai Fudan Microelectronics Group, a leading Chinese chip manufacturer. This vulnerability, detailed in a recent research paper by Quarkslab's Philippe Teuwen, enables the immediate cloning of RFID smart cards used in office buildings and hotel rooms around the world.
Teuwen's research reveals that the backdoor requires only minutes of physical proximity to exploit, allowing for rapid and large-scale attacks if an adversary can compromise the supply chain. The flaw was discovered during security testing on the MIFARE Classic card family, which is extensively used in public transportation and hospitality.
Introduced in 1994 by Philips (now NXP Semiconductors), the MIFARE Classic card has faced numerous security challenges over the years. Despite updates and new versions aimed at addressing these issues, the FM11RF08S variant released by Fudan Microelectronics in 2020 included specific countermeasures designed to protect against known attacks.
However, Teuwen found a significant vulnerability in the FM11RF08S cards, which utilize a "static encrypted nonce" as a countermeasure. This flaw allows the decryption of keys in just minutes if they are reused across multiple cards or sectors. Further investigation uncovered a hardware backdoor that permits authentication using an unknown key, which is universally common among FM11RF08S cards.
Teuwen also identified a similar backdoor in the earlier FM11RF08 card generation, as well as in other models from Fudan Microelectronics and previous versions from NXP and Infineon Technologies. This vulnerability provides access to all user-defined keys on these cards, even when fully diversified, through brief physical access.
Quarkslab’s findings highlight a critical issue for many users who may not realize that their MIFARE Classic cards are actually Fudan FM11RF08 or FM11RF08S models. These compromised cards have been identified in hotels across the US, Europe, and India.
The company advises immediate action to review and secure affected infrastructure, emphasizing the widespread impact of this security flaw.
No comments:
Post a Comment