It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
A semiconductor company is suing a Dutch university to keep its researchers from publishing information about security flaws in the RFID chips used in up to 2 billion smart cards.
The cards are used to open doors in corporate and government buildings and to board public transportation systems.
NXP Semiconductors filed suit in Court Arnhem in The Netherlands against Radboud University Nijmegen. The company is pushing the courts to keep university researchers from publishing a paper about reported security flaws in the MiFare Classic, an RFID chip manufactured by NXP Semiconductors.
ince the MiFare Classic smart cards use a radio chip, Nohl said he easily can scan them for information. If someone came out of a building carrying a smart card door key, he could walk past them with a laptop and scanner in a backpack or bag and skim data from their card. He also could walk past the door and scan for data captured to the reader.
Once he's captured information from a smart card and/or the card reader on the door, he would have enough information to find the cryptographic key and duplicate a smart card with the necessary encryption information to open the door. He said the whole process would take him less than two minutes.
....
Van Wyk noted in March that one European country had deployed soldiers to guard some government facilities that used the MiFare Classic chip in their smart door key cards. "Deploying guards to facilities like that is not done lightly," he said. "They recognize that they have a huge exposure. Deploying guards is expensive. They're not doing it because it's fun. They're safeguarding their systems." Van Wyk declined to identify the European country under discussion.
Originally posted by Britguy
.. all they had to do was get a job with the janitorial company that services the offices. That way they'd have a legitimate ID card, with the correctly printed photo / logo and security overlay and have unfettered access to almost all areas, unsupervised while there was likely to be nobody else there.
It's all a matter of establishing / determining the risk factors. The likelihood of someone actually covertly getting close enough to clone a badge ID is remote. Yes, it can be done but what is the likelihood?