{"id":774,"date":"2015-11-08T13:10:20","date_gmt":"2015-11-08T13:10:20","guid":{"rendered":"http:\/\/nethemba.com\/de\/ueber-uns\/forschung\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\/"},"modified":"2016-06-27T12:47:21","modified_gmt":"2016-06-27T12:47:21","slug":"critical-vulnerabilities-in-czechslovak-mifare-classic-cards","status":"publish","type":"page","link":"https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\/","title":{"rendered":"Critical vulnerabilities in Czech\/Slovak Mifare Classic cards"},"content":{"rendered":"<p lang=\"en-GB\">We have analysed Czech\/Slovak most used public transport and access smart cards (Bratislava public transport card, University\/ISIC cards, parking cards, Slovak Lines cards etc) based on Mifare Classic technology.<\/p>\n<p lang=\"en-GB\">Using various technologies and thanks to publically available academical papers, we have demonstrated the possibility of gaining all access keys used for the card content encryption.<br \/>\nWe have also verified that these keys can be subsequently used for complete reading, altering and cloning the cards that can pose a serious threat for affected transport companies.<br \/>\nWe have also estimated costs of effective attacks and proposed appropriate effective countermeasures from the most secure ones (replacement of all vulnerable cards) to less secure ones (bind card&#8217;s UID with passenger, UID whitelisting, digital signing, &#8222;decrement counter&#8220; solution).<\/p>\n<p lang=\"en-GB\">For the demonstration of the seriousness of these vulnerabilities we have implemented and released our own implementation of &#8222;offline nested&#8220; attack that can be used for offline cracking of all keys for all sectors without valid RFID reader.<\/p>\n<p lang=\"en-GB\"><a href=\"https:\/\/nethemba.com\/resources\/mifare-classic-zranitelnosti.pdf\">An official paper of revealed Slovak and Czech Mifare Classic vulnerabilities (in Slovak)<\/a><\/p>\n<p lang=\"en-GB\"><a href=\"https:\/\/nethemba.com\/resources\/mifare-classic-slides.pdf\">Technical presentation of Mifare Classic vulnerabilities<\/a><\/p>\n<p lang=\"en-GB\"><a href=\"https:\/\/github.com\/nfc-tools\/mfoc\">Our Mifare Classic Offline Cracker (new version 0.09 for libnfc 1.3.9)<\/a><\/p>\n<p lang=\"en-GB\">(tested with <a href=\"http:\/\/code.google.com\/p\/crapto1\/\">crapto1<\/a>, <a href=\"http:\/\/www.libnfc.org\/\">libnfc<\/a> and <a href=\"http:\/\/www.touchatag.com\/\">Tikitag\/Touchatag reader<\/a>)<\/p>\n<p lang=\"en-GB\"><strong>Presentations:<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/konference.iinfo.cz\/tib-2010\/program\/\">Confidence 2.0 in Warsaw<\/a><\/li>\n<li><a href=\"http:\/\/konference.iinfo.cz\/tib-2010\/program\/\">Trendy v Internetov\u00e9 bezpe\u010dnosti in\u00a0Prague<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>We have analysed Czech\/Slovak most used public transport and access smart cards (Bratislava public transport card, University\/ISIC cards, parking cards, Slovak Lines cards etc) based on Mifare Classic technology. Using various technologies and thanks to publically available academical papers, we have demonstrated the possibility of gaining all access keys used for the card content encryption. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":526,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-774","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Critical vulnerabilities in Czech\/Slovak Mifare Classic cards - Nethemba<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical vulnerabilities in Czech\/Slovak Mifare Classic cards - Nethemba\" \/>\n<meta property=\"og:description\" content=\"We have analysed Czech\/Slovak most used public transport and access smart cards (Bratislava public transport card, University\/ISIC cards, parking cards, Slovak Lines cards etc) based on Mifare Classic technology. Using various technologies and thanks to publically available academical papers, we have demonstrated the possibility of gaining all access keys used for the card content encryption. [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:modified_time\" content=\"2016-06-27T12:47:21+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data1\" content=\"1\u00a0Minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/ueber-uns-old\\\/forschung\\\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\\\/\",\"url\":\"https:\\\/\\\/nethemba.com\\\/de\\\/ueber-uns-old\\\/forschung\\\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\\\/\",\"name\":\"Critical vulnerabilities in Czech\\\/Slovak Mifare Classic cards - Nethemba\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\"},\"datePublished\":\"2015-11-08T13:10:20+00:00\",\"dateModified\":\"2016-06-27T12:47:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/ueber-uns-old\\\/forschung\\\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\\\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nethemba.com\\\/de\\\/ueber-uns-old\\\/forschung\\\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/ueber-uns-old\\\/forschung\\\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nethemba.com\\\/de\\\/home-new-2025\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u00dcber uns\",\"item\":\"https:\\\/\\\/nethemba.com\\\/de\\\/?page_id=317\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Forschung\",\"item\":\"https:\\\/\\\/nethemba.com\\\/de\\\/ueber-uns-old\\\/forschung\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Critical vulnerabilities in Czech\\\/Slovak Mifare Classic cards\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/nethemba.com\\\/de\\\/\",\"name\":\"Nethemba\",\"description\":\"We care about your security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nethemba.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical vulnerabilities in Czech\/Slovak Mifare Classic cards - Nethemba","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\/","og_locale":"de_DE","og_type":"article","og_title":"Critical vulnerabilities in Czech\/Slovak Mifare Classic cards - Nethemba","og_description":"We have analysed Czech\/Slovak most used public transport and access smart cards (Bratislava public transport card, University\/ISIC cards, parking cards, Slovak Lines cards etc) based on Mifare Classic technology. Using various technologies and thanks to publically available academical papers, we have demonstrated the possibility of gaining all access keys used for the card content encryption. [&hellip;]","og_url":"https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_modified_time":"2016-06-27T12:47:21+00:00","twitter_card":"summary_large_image","twitter_site":"@nethemba","twitter_misc":{"Gesch\u00e4tzte Lesezeit":"1\u00a0Minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\/","url":"https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\/","name":"Critical vulnerabilities in Czech\/Slovak Mifare Classic cards - Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"datePublished":"2015-11-08T13:10:20+00:00","dateModified":"2016-06-27T12:47:21+00:00","breadcrumb":{"@id":"https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/critical-vulnerabilities-in-czechslovak-mifare-classic-cards\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nethemba.com\/de\/home-new-2025\/"},{"@type":"ListItem","position":2,"name":"\u00dcber uns","item":"https:\/\/nethemba.com\/de\/?page_id=317"},{"@type":"ListItem","position":3,"name":"Forschung","item":"https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/"},{"@type":"ListItem","position":4,"name":"Critical vulnerabilities in Czech\/Slovak Mifare Classic cards"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/pages\/774","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/comments?post=774"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/pages\/774\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/pages\/526"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/de\/wp-json\/wp\/v2\/media?parent=774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}