Hacker News: Major Backdoor in RFID Cards Allows Instant Cloning

Source URL: https://www.securityweek.com/major-backdoor-in-millions-of-rfid-cards-allows-instant-cloning/
Source: Hacker News
Title: Major Backdoor in RFID Cards Allows Instant Cloning

Feedly Summary: Comments

AI Summary and Description: Yes

Summary: Quarkslab has uncovered a critical security vulnerability in contactless RFID cards manufactured by Shanghai Fudan Microelectronics Group, enabling attackers to clone these cards with mere physical proximity. This discovery raises significant security concerns across various industries, particularly in environments using MIFARE Classic cards.

Detailed Description:
The report from Quarkslab highlights severe security vulnerabilities in RFID smart cards, particularly those belonging to the MIFARE Classic card family. These vulnerabilities pose a danger not only to individual users but also to organizations using these cards in their infrastructure.

Key Points:
– **Discovery of Backdoor**: Philippe Teuwen from Quarkslab identified a substantial backdoor within millions of RFID smart cards made by Shanghai Fudan Microelectronics, facilitating instant cloning of cards used for accessing secured areas like office doors and hotel rooms.
– **Attack Mechanism**: The backdoor allows attackers to clone cards within a few minutes of physical proximity, particularly dangerous if an attacker can execute a supply chain attack.
– **Research Background**: The MIFARE Classic family, introduced in 1994 by Philips, has a history of security issues. Teuwen’s investigation was driven by the need to evaluate the security of the latest card variants.
– **Vulnerabilities of MIFARE Classic Cards**: “Card-only” attacks highlight the risks where attackers can read and write card contents just through close physical access, opening avenues for cloning without needing to compromise the card reader.
– **Recent Developments**: The FM11RF08S variant was introduced in 2020 with intended countermeasures against known attacks, yet Teuwen was able to devise an attack that cracked keys in minutes when reused across multiple sectors/cards.
– **Commonality of Backdoors**: Both FM11RF08S and FM11RF08 cards share vulnerabilities, with compromised keys across various models from both Shanghai Fudan and other chip manufacturers.
– **Recommendation for Action**: Quarkslab has called on organizations to assess their infrastructure, particularly those unaware of the origins of their card supply, as the MIFARE Classic cards in circulation, especially in international locations, might be impacted.

This discovery underscores the critical necessity for security and compliance professionals to:
– Continuously monitor hardware for vulnerabilities, especially in widely used technologies like contactless access.
– Develop robust incident response strategies to mitigate risks posed by supply chain vulnerabilities.
– Implement strict assessment protocols when onboarding technology and devices to ensure they do not introduce unforeseen security issues.