the confidentiality of its cryptographic algorithm.
If the algorithm were to be known, it can be exploited in an attack
with the respective expertise. Researchers of the Radboud University
have used knowledge of the algorithm to develop attacks to retrieve
the keys and the data that is stored on the MIFARE Classic card. As
attack software is now publicly accessible on the internet, we expect
that attack equipment will become available soon in order to
facilitate a variety of attacks on MIFARE Classic infrastructures.
These attacks would allow that:
* Through overhearing successful communications between the
reader of an existing infrastructure and a valid card, the data and/
or the keys involved in that transaction could be read
* While overhearing failed communications between the reader of
an existing infrastructure and any card, the key used by the reader
during that transaction could be retrieved
* These attacks could be carried out in minutes or less and with
means involving a laptop and equipment which can be built with
limited material cost (100 Euros)
* Card only attacks are possible in lab environments and at
considerable precalculation time. This is expected to further evolve
into an attack that does not need lab conditions and may require less
precalculation time.*
* One particular card only attack can, with a certain
prerequisite on knowledge about the card, retrieve all keys and data
from the card in about a second per key using a laptop and limited
value equipment. Interaction with the card can be limited to two
times less than a second: first to get material for key recovery and
then once the keys are retrieved an interaction to retrieve the data.*
Although a residual risk remains, there are techniques and
countermeasures to detect cards and data which have been tampered
with, some of which are described in the confidential application
notes published by NXP. We are happy to provide such application
notes to the interested parties (such as system integrators and
service operators) under a Non-Disclosure Agreement.
* (The recent vulnerabilities are courtesy to Radboud University
Nijmegen, who have given early warning to NXP in order to allow
timely communication such that system integrators can take measures).