We have analysed Czech/Slovak most used public transport and access smart cards (Bratislava public transport card, University/ISIC cards, parking cards, Slovak Lines cards etc) based on Mifare Classic technology.
Using various technologies and thanks to publically available academical papers, we have demonstrated the possibility of gaining all access keys used for the card content encryption.
We have also verified that these keys can be subsequently used for complete reading, altering and cloning the cards that can pose a serious threat for affected transport companies.
We have also estimated costs of effective attacks and proposed appropriate effective countermeasures from the most secure ones (replacement of all vulnerable cards) to less secure ones (bind card’s UID with passenger, UID whitelisting, digital signing, “decrement counter” solution).
For the demonstration of the seriousness of these vulnerabilities we have implemented and released our own implementation of “offline nested” attack that can be used for offline cracking of all keys for all sectors without valid RFID reader.
An official paper of revealed Slovak and Czech Mifare Classic vulnerabilities (in Slovak)
Technical presentation of Mifare Classic vulnerabilities
Our Mifare Classic Offline Cracker (new version 0.09 for libnfc 1.3.9)
(tested with crapto1, libnfc and Tikitag/Touchatag reader)
Presentations: