Research

01

For our released papers and presentations see our Consulting & Training services.

In case you are interested in our sponsored security research see Sponsored Security Research.

We have analysed and revealed serious vulnerabilities in various publicly available systems. A lot of these vulnerabilities have been presented on various renowned security conferences:

  • Public security analysis of Slovak biometric passports
  • Critical vulnerabilities in the most used Slovak and Czech Mifare smartcards
  • Critical vulnerabitilies in public transport SMS tickets

Public security analysis of Slovak biometric passports

02

(still in progress – if you can help us, do not hesitate to contact us)

We have practically demonstrated the possibility of reading of a new Slovak biometric RFID passport. The passport can be read by arbitrary ISO14443A-compliant RFID reader (for our experiment we have used cheap touchatag reader that can be bought for 30 €).

Personal data are encrypted by Machine Readable Zone which is printed on the last but one page of the passport. The MRZ is composed from the passport’s number, the birthdate and date of expiration. With the knowledge of this information MRZ can be computed. The following information can be obtained from the passport using MRZ:

  • All personal information that is already printed in the passport (EF.DG1)
  • Photograph of the passport holder (stored in JPEG) (EF.DG2)

The following information cannot be read using MRZ and require a special key (owned by the Slovak government):

  • Fingerprint of the passport holder (EF.DG3)
  • Active Authentication Public Key Info (EF.DG15)

The passport is not by-default protected by a special RFID shield, so it can be read closed from the distance of 5 cm. In case of using the stronger antenna this distance can be significantly bigger (up to 10 meters and it will increase in the future).

The passport returns a random unique ID (UID), so it is not possible to fingerprint it and determine its producer (this behaviour can be emulated by NXP JCOP 41 v2.2.1 72K RANDOM_UID smartcard).

Without “Active Authentication Public Key Info” it is not easy to clone the passport.

To verify:

  • How do official Slovak biometrical passport readers respond, when they read the passport with invalid hash, digital sign, absence of AA information (do they accept an imperfect clone?)
  • Is it possible to create the imperfect clone (using NXP JCOP 41 v2.2.1 72k RANDOM_UID smartcard) where EF.DG3 and EF.DG15 is removed from the passport index? Do official Slovak biometrical passport readers accept this clone?
  • Is it possible to attack the chip using covert channels (e.g. using byTime-Power Analysis of RSA?)
  • Analysis of MRZ entropy:
    date of expiry (10 years) = 3650 values
    birthday (estimation +/- 5 years) = 3650 values
    passport number (2 alpha characters + 7 numbers) = 25 * 25 * (10 ^ 7) = 6250000000 values
  • Is it possible to determine the passport number? (what algorithm is used for assigning new passport numbers?)

You have a right to be informed about security of technologies that process your sensitive information!

Critical vulnerabilities in Czech/Slovak Mifare Classic cards

03

We have analysed Czech/Slovak most used public transport and access smart cards (Bratislava public transport card, University/ISIC cards, parking cards, Slovak Lines cards etc) based on Mifare Classic technology.

Using various technologies and thanks to publically available academical papers, we have demonstrated the possibility of gaining all access keys used for the card content encryption.
We have also verified that these keys can be subsequently used for complete reading, altering and cloning the cards that can pose a serious threat for affected transport companies.
We have also estimated costs of effective attacks and proposed appropriate effective countermeasures from the most secure ones (replacement of all vulnerable cards) to less secure ones (bind card’s UID with passenger, UID whitelisting, digital signing, “decrement counter” solution).

For the demonstration of the seriousness of these vulnerabilities we have implemented and released our own implementation of “offline nested” attack that can be used for offline cracking of all keys for all sectors without valid RFID reader.

An official paper of revealed Slovak and Czech Mifare Classic vulnerabilities (in Slovak)

Technical presentation of Mifare Classic vulnerabilities

Our Mifare Classic Offline Cracker (new version 0.09 for libnfc 1.3.9)

(tested with crapto1, libnfc and Tikitag/Touchatag reader)

Presentations:

Public Transport SMS Tickets Vulnerability

04

SMS tickets are widely used in the big cities in Central Europe (Prague, Bratislava, Košice, Vienna, Warsaw, ..)

The primary aim of this presentation is to show a serious inherent vulnerability in the public transport SMS tickets systems used in many big cities.

Firstly, prerequisites for a successful hack are described. Then a proposed SMS ticket hacking network architecture is outlined, including a SMS ticket hack server, SMS ticket mobile hack clients and their encrypted communication protocol.

The author describes various partial solutions how to fix this vulnerability including instructions for attackers how to evade them (e.g. by using decentralized private P2P mobile network).

Finally, an effective countermeasure is proposed: secure SMS ticket generation methods based on symmetric/asymmetric cryptography and a security improvement of transport inspector’s checking process.

Despite the fact that public transport companies have already been informed about this serious vulnerability, they ignore this fact and still use the vulnerable systems.

Presentation: Public Transport SMS ticket’s hacking (presentation)

Presentation / References: