Researchers at Ruhr University in Bochum have succeeded in copying the key from one make of RFID card. As well as having the obvious benefit of convenience, RFID cards, which are used for access control and billing, are supposed to be very secure. But a copied card would offer attackers plenty of scope for abuse.

David Oswald and Christof Paar have succeeded in reading the 3DES key from DESFire MF3ICD40 model cards produced by Mifare, a subsidiary of NXP Semiconductors. The cards are used by transport operators in the Czech Republic, Melbourne, San Francisco and elsewhere. Three years ago, hackers succeeded in decrypting a different RFID card, from the same vendor, used in the Dutch public transport system.

The new hack is carried out using a side channel attack, which bypasses the defensive features intended to prevent attacks on the card. To achieve this, the researchers made repeated measurements of electricity consumption during encryption and decryption. This can be determined by measuring the magnetic field close to the card.

According to Oswald and Paar, Mifare cards with AES encryption are not vulnerable to their attack. The vendor has confirmed the existence of the vulnerability and is advising its customers to switch to more recent makes of card.

(djwm)