Mifare now fully broken

Breaking news from the Dutch Ministry of internal affairs website:

red alert ...

Radboud University fully broke Mifare Classic.

“With little effort abuse is possible and cards can be cracked and copied easily.”

Below is my rough translation of their letter to inform our parliament.

Between the lines I read panic ….

March 12

Radboud University in Nijmegen (the Netherlands) recently notified me that their research group ‘Digital Security’ has developed a method to easily crack and duplicate a large number of chip cards.

This concerns all (access control) cards containing the so-called ‘Mifare Classic chip’, used in applications that do not rely on additional security measures (like our nationwide transport card).

We guess around two million access control cards are in use in the Netherlands; worldwide we assume one billion.

This chip technology is in use in various governmental and private sectors.

Our national intelligence agency (AIVD) has, on my request, checked the method at the Radboud University, and confirmed their claim is correct and works.

I have ordered AIVD to follow up and conduct more research.

It must be taken into account that, as soon as details of the university research become public, abuse is going to be so easy that additional measures are necessary to maintain ‘the level of security’.

The new ‘governmental ID card’ (using a different technology) was supposed to be rolled out in the fourth quarter of 2008. I am looking into whether this can be sped up.
I have requested AIVD to advise on security measures of the governmental ID card.

In the meantime, government-wide additional security measures will be taken.

I have requested my colleague ministers to inform the (public) sectors they are responsible for, so additional measures can be taken.

The Minister of internal affairs.

At 16:00 Radboud University will hold a press conference. By that time a report and video will be available on http://www.www.ru.nl/veiligheid-toegangspassen

2 Responses to “Mifare now fully broken”

  1. This is just a very good example why security software and hardware should be open source: so that anyone can suggest corrections and that it could be relied upon and so that anyone can do a review.

  2. Barry says:

    Jaakko: I think the tide is changing … slowly …