Major Backdoor in Millions of RFID Cards Allows Instant Cloning
French security services firm Quarkslab has uncovered a significant backdoor in millions of contactless cards produced by Shanghai Fudan Microelectronics Group, a prominent Chinese chip manufacturer.
This backdoor, detailed in a research paper by Quarkslab researcher Philippe Teuwen, enables the instantaneous cloning of RFID smart cards used globally to access office buildings and hotel rooms.
The backdoor requires only a few minutes of physical proximity to an affected card to execute an attack. However, an attacker capable of performing a supply chain attack could carry out these attacks instantaneously on a large scale, as explained by Teuwen in his paper.
Originally launched in 1994 by Philips (now NXP Semiconductors), the MIFARE Classic card family has been subjected to numerous attacks over the years. Security vulnerabilities that allow “card-only” attacks—attacks requiring access to a card but not the corresponding card reader—are particularly concerning, as they enable attackers to clone cards or read and write their content with just a few minutes of physical proximity. Over the years, new versions of the MIFARE Classic family have addressed various documented attacks.
This backdoor, detailed in a research paper by Quarkslab researcher Philippe Teuwen, enables the instantaneous cloning of RFID smart cards used globally to access office buildings and hotel rooms.
The backdoor requires only a few minutes of physical proximity to an affected card to execute an attack. However, an attacker capable of performing a supply chain attack could carry out these attacks instantaneously on a large scale, as explained by Teuwen in his paper.
Originally launched in 1994 by Philips (now NXP Semiconductors), the MIFARE Classic card family has been subjected to numerous attacks over the years. Security vulnerabilities that allow “card-only” attacks—attacks requiring access to a card but not the corresponding card reader—are particularly concerning, as they enable attackers to clone cards or read and write their content with just a few minutes of physical proximity. Over the years, new versions of the MIFARE Classic family have addressed various documented attacks.
No comments: