Video and report on mifare attack

As promised, Radboud university came out with a video and a report (ENG PDF) on the Mifare hack.

I wonder how long it will take before the software is out on the market .. I know I want a copy 😉

Click the image to see how one billion (!) cards can be hacked/cloned.

RIP mifare classic

This entry was posted on Thursday, March 13th, 2008 at 12:16 and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

6 Responses to “Video and report on mifare attack”

  1. hta says:
    March 13, 2008 at 19:29

    (English text in the reply)

    Zoek maar eens op onder staande filmpje
    Dit is een filmpje gemaakt door/van “Tiger team”.
    Waar in zij een prenetaite test doen. In dit filmpje clonen zij ook een kaart. Dus of het nu nieuw is ??

    Tiger.Team.S01E02.DSR.XviD-iHT — bij een juwelier

    Ook bestaat Tiger.Team.S01E01.DSR.XviD-iHT — bij excusieve auto garage

  2. Barry says:
    March 14, 2008 at 09:54

    Beste HTA, (english text below)

    Bedankt voor de tiger-team links, die zijn op deze website al eens voorbij gekomen.

    De kaarten die men daar wist te clonen zijn van een oudere, makelijkere generatie.

    Wat nieuw en bijzonder is aan de mifare hack is dat mifare bekend stond als ‘veilig’, en naar nu blijkt zelfs de nederlandse overheid er zwaar op heeft vertrouwd. En nu met de gebakken peren zit ….

    HTA asks if the Mifare hack is anyting new as the tiger team already demonstrated an attack on wireless cards.

    My answer was that the cards used in the tiger team episode were of an older and more easy type as the Mifare cards.

    Until December 2008 the Mifare classic card was considered high security, even by our own government who (as we learned now) heavily relied on it.

  3. Jean-Claude says:
    March 15, 2008 at 09:20

    Quite frankly, Europe is insane for using this type of system. The satellite industry moved away from this type of authentication almost a decade ago.

  4. Andrew says:
    March 17, 2008 at 07:16

    the anti passback feature would eliminate this attack. If Garcia is already in the building the anti-passback would prevent anyone else from entering with the same card #. I suppose you could wait until he leaves to gain entry unless you have some sort of access policy in place that says your card will only work from 9-5 and all other times the card is rejected.

  5. Jean-Claude says:
    March 17, 2008 at 20:29

    Anti passback (is that the term?) is useless in this case. Given enough time, and dedication, who’s to stop an attacker like this from being Mr. Garcia, Smith, or Jones? During working hours?

  6. stronglink says:
    August 6, 2009 at 07:43

    I agree that security by obscurity is a no win game, and yup, the researchers are the ones who are too often punished.


«
»