Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!
Register | Login
RIAA News
Cool Stuff
MPAA News
Games / Consoles
News
Music
Movies
TV
Open Source
Mobiles
Advertising
Product News
P2P
Off Topic
Freedom
Politics
Interviews
Security
DRM
Links
Kids and Kartels
Search: 
Search
 
Web P2PNET   
   Search: 
Search
Torrent Site Tracker
TekSavvy
 
Add real-time p2pnet headlines to YOUR site ! Click here to download our newsfeed code

Opening an Oyster with Crapto1

p2pnet news view | Security:- “A decisive breakthrough has been made in the cryptanalysis of the Crypto1 encryption algorithm of the MiFare Classic RFID system used in many contactless travel payment systems including the Transport for London Oyster card,” said Heise Online back in April, going on:

“According to a newly published report by Nicolas Courtois, Karsten Nohl and Sean O’Neil, the encryption can be cracked in a few seconds on PC hardware, without the laborious precalculation of rainbow tables. The researchers conclude that the security of the algorithm is ‘close to zero’.”

Now, “A hacker using the pseudonym Bla has published an open source tool called Crapto1 for cracking the encryption of the Mifare Classic RFID chip, as used in the Oyster Card,” says a new Heise Online story, continuing:

“Besides an implementation in C of the vulnerable Crypto1 algorithm, the archive also contains the C source code for an attack that has been described in a paper by Dutch security researchers at Radboud University.  Using the tool it is said to be possible to calculate the access code of a Mifare Classic card within around two seconds.”

All hackers need is a live recording of an encrypted radio communication between the card and a legitimate reader, and a little programming knowledge, says Heise.

“The access code then allows him not only to decode the encrypted data, but also to manipulate the card’s content virtually without limit and to clone it to obtain services fraudulently.”

The increasing number, and decreasing complexity, of attacks on RFID systems, “could force many organisations into upgrading their systems. Many non-contact payment systems around the world are based on Mifare Classic chips,” it says, adding:

“The Mifare Classic is also used in many access control systems worldwide. In the Netherlands, a changeover from the OV Chipkaart to the Mifare Classic for travel on local transport services is in full swing right now.”
Add to Technorati Favorites

Heise Online – Is the MiFare Classic RFID system blown?, April 21, 2008
Heise Online -  Programming tools for cracking Mifare published, October 28, 2008

Use free p2pnet newsfeeds for your site. It’s really easy!

Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.

This entry was posted on Wednesday, October 29th, 2008 at 9:58 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 7333 times

« previous Falling victim to ‘clickjacking’
New York Times hypes Obama ad trailer next »

Leave a Reply

Please no Spam, flaming (attacking others), trolling, and posting off-topic. Thanks.

    Advertisements
MP3Rocket


Remove Spyware with AntiSpyware for Windows®