University sued over Cracking RFID


posted on Jul, 23 2008 @ 06:05 AM
Source



A semiconductor company is suing a Dutch university to keep its researchers from publishing information about security flaws in the RFID chips used in up to 2 billion smart cards.

The cards are used to open doors in corporate and government buildings and to board public transportation systems.

NXP Semiconductors filed suit in Court Arnhem in The Netherlands against Radboud University Nijmegen. The company is pushing the courts to keep university researchers from publishing a paper about reported security flaws in the MiFare Classic, an RFID chip manufactured by NXP Semiconductors.


this is a blatant attempt at censorship which will harm security. many of these smartcards are used for sensitive



Since the MiFare Classic smart cards use a radio chip, Nohl said he easily can scan them for information. If someone came out of a building carrying a smart card door key, he could walk past them with a laptop and scanner in a backpack or bag and skim data from their card. He also could walk past the door and scan for data captured to the reader.
Once he's captured information from a smart card and/or the card reader on the door, he would have enough information to find the cryptographic key and duplicate a smart card with the necessary encryption information to open the door. He said the whole process would take him less than two minutes.

....


Van Wyk noted in March that one European country had deployed soldiers to guard some government facilities that used the MiFare Classic chip in their smart door key cards. "Deploying guards to facilities like that is not done lightly," he said. "They recognize that they have a huge exposure. Deploying guards is expensive. They're not doing it because it's fun. They're safeguarding their systems." Van Wyk declined to identify the European country under discussion.



iow, the system is completely unsafe, but instead of updating their products, or even refraining from using RFID for such security applications due to their inherent vulnerability through remote reading, they turn to censorship.

i say let them have their way, it'll make it easier for people with laptops and the right software to just walk into an ammo depot and set the whole thing off. it is said that bean counters are reluctant to change anything until the results of their negligence become catastrophic.

Needless to add, that such high-profile failures would go a long way towards justifying our general objection to RFID applications in the eye of the public.



posted on Jul, 23 2008 @ 06:30 AM
Lays to waste the argument once and for all about how secure an RFID chip / card really is, doesn't it?

They cracked it, so will criminals and it will be the little man who suffers.



posted on Jul, 23 2008 @ 06:53 AM
Whatever happened to the good ol' keys?
The kind you would need a bar of soap, or wax (or whatever they use in the movies) to copy....

Can't say they are as easily forged.



posted on Jul, 23 2008 @ 07:03 AM
Was the suit brought under WTO intellectual-property protection laws?

If anyone knows, would they post the information, please?

Edit to add:

Anyway, NXP lost.

NXP loses injunction bid – Oyster card hack to be disclosed

[edit on 23-7-2008 by Astyanax]



posted on Jul, 23 2008 @ 07:25 AM
In talks with US colleagues a while back, this subject came up and we talked at length about the various card technologies available. I found it funny that they concentrated so much on the ability of the bad guys to "hack" the card data and clone it to gain entry to one of our facilities.
I then blew them away by pointing out that if someone were so determined to access our buildings with the aim of stealing equipment or data, all they had to do was get a job with the janitorial company that services the offices. That way they'd have a legitimate ID card, with the correctly printed photo / logo and security overlay and have unfettered access to almost all areas, unsupervised while there was likely to be nobody else there.

It's all a matter of establishing / determining the risk factors. The likelihood of someone actually covertly getting close enough to clone a badge ID is remote. Yes, it can be done but what is the likelihood?

So, Johnny Badguy has cloned a card and tries to access the building. Unless he has the necessary access rights assigned, his cloned card is still not going to get him any further than the main entrance / general access doors - IF the access system is properly programmed and security levels are tight. The holder of the cloned card can only access doors with card only readers and, should there be biometric access installed, he is scuppered.

NO system yet designed is infallible, if someone is determined to get into your premises they will do so.



posted on Jul, 23 2008 @ 07:34 AM
I'm a little surprised that a weak encryption method was used. Under 2 minutes with a laptop is the same as no encryption.

I'd think the industry would want to be aware of the security issues with the technology. All this article really did was point out to everyone with an idea, that this new technology has security issues and will become a new target of opportunity.

It will be interesting to see what else comes to light as more people "explore" the vulnerabilities of RFID.



posted on Jul, 23 2008 @ 12:56 PM

Originally posted by Britguy
.. all they had to do was get a job with the janitorial company that services the offices. That way they'd have a legitimate ID card, with the correctly printed photo / logo and security overlay and have unfettered access to almost all areas, unsupervised while there was likely to be nobody else there.

It's all a matter of establishing / determining the risk factors. The likelihood of someone actually covertly getting close enough to clone a badge ID is remote. Yes, it can be done but what is the likelihood?




if you do that, your profile will be registered, so unless this is supposed to be a suicide mission, the approach will land you in jail as long as what you will do can easily be detected.

it's RFID, maximum range at nominal power levels is not that far, increasing transmitter power will increase that range, however. imagine using public transport. the guy sitting near you is working on his laptop...

remember, it takes two minutes to decode the message, transmitting is accomplished within a second. you mentioned biometrics, well, such systems would raise the threshold and even foil an attack if you're aware.

but rest assured, since biometrics can't be changed, once systems relying on them become widespread, all you have to do is manipulate, say an ATM, much in the same way as parasitic cardreaders are used today.

unlike a PIN or key, your fingerprints cannot be changed without a hefty dose of acid.

[edit on 2008.7.23 by Long Lance]


