[Facil] [Fwd: [MLUG] OT: RFID Code Cracked, So much for STM security]

[Fabian Rodriguez]

Voilà, ça n'a pas pris de temps... qq'un a un lien franco vers cette 
information ?

A+

Fabian


-------- Original Message --------
Subject: 	[MLUG] OT: RFID Code Cracked, So much for STM security
Date: 	Sun, 2 Nov 2008 17:19:28 -0500
From: 	Leslie Satenstein <leslie.satenstein at gmail.com>
Reply-To: 	Montreal Linux Users Group <mlug at listserv.mlug.ca>
To: 	Montreal Linux Users Group <mlug at listserv.mlug.ca>



RFID encryption has been cracked.  Does anyone know how long before STM 
Student or adult OPUS cards will be cloned to provide unlimited system 
rides? 

STM decided on OLD technology, before designers were concerned about 
encryption and cloning.

Here is the article.


    Computer & Internet Security News

27 October 2008


  RFID hack details made public

By Brenno de Winter Webwereld Netherlands

Transport users could be shown ways to travel on underground systems for 
free, thanks to an open source project that has built on the work of the 
scientists who cracked the algorithm of the Mifare Classic chip used in 
access control systems.


The project implements an attack on the CRYPTO1-algorithm used in the 
highly popular Mifare Classic chip. The project is carries the cynical 
name Crapto1 and has been totally based on the information in a paper by 
scientists from the Dutch Radboud University.

The project was started by a programmer that identifies himself as Bla. 
He claimed to be studying RFID and figured that implementing the 
algorithm looked like fun. "And the stats in the different publications 
were pretty amazing. I wanted to see it in action," he said in an 
interview with Techworld's sister paperm, Webwereld <http://webwereld.nl/>. 

According to his account he never planned to publish the source code, 
but decided to do so when someone suggested it. His basic idea is to 
spread knowledge and not cause harm. "My code is meant for educational 
purposes. I'm not encouraging anybody to break any laws," he said.

The knowledge in itself isn't new and researchers have demonstrated how 
to enter buildings by cloning cards, without releasing any further 
details or software.

However, the code is the long-anticipated missing link between reading 
the Mifare Classic chips and actually using them to the full extent. 
Combined with readily available hardware, users have all the tools to 
execute a successful attack. There are RFID readers available online for 
less than US$150, such as the Proxmark III or the OpenPCD, for which the 
accompanying software is available as open source.

With the software in hand anyone with some technical skills can retrieve 
the secret key of a system and thus use it to gain access to buildings. 
For the public transportation systems the attack paves the way for 
executing a denial-of-service attack by damaging cards or obtaining free 
travel by altering or cloning data.

The latter was the fear of Massachusetts Bay Transportation Authority 
(MBTA) when they sued three students from Massachusetts Institute of 
Technology (MIT) in order to prevent them from sharing technical details 
of the flawed CharlieCard. In court documents the company said it was 
concerned by claims that people could ride for free. Earlier, Dutch 
company Trans Link Systems, responsible for introducing a Mifare Classic 
transportation card in the Netherlands, had added fraud detection in the 
back office to combat anticipated fraudulent use of the system.

While fraud mitigation may work on these type of systems, they will also 
harm innocent travellers, making for a successful denial-of-service 
attack. Using the software, miscreants could also overwrite existing 
cards with bogus information, thus disrupting regular travel.