We can now raise a cheer for a group of bright people in the Chaos Computer Club of Hamburg, Germany, who along with colleagues from the University of Virginia have succeeded in cracking the encryption scheme used on the Mifare Classic RFID chip sold by NXP.

It turns out that the proprietary encryption scheme has only a 48-bit key, as opposed to modern algorithms that use 128-bit and 256-bit (or more) encryption. Apparently cracking this encryption took “relatively little effort.”

These chips are in fairly wide use in a number of applications, such as “contactless smartcard applications including fare collection, loyalty cards or access control cards.” That means a determined individual (or corporation / criminal organization) could do quite a bit with this weakness, from making it a lot easier for unscrupulous advertisers to track every time you purchase something and use the information to target advertising, or more. For example, say you decide to discreetly try a weight loss cream. You don’t particularly want it generally known, because of embarrassment or simply because you don’t know if it’ll work or not. An advertiser gets the information and you start getting more ads in email, on the phone and anywhere else you might see targeted ads, for other weight loss products, advice and so on. Your insurance company sees this information and your premiums go up because some number cruncher has decided that you’re now an increased risk for weight-related health problems.

It’s bad enough that these infernal things are being used as much as they are, but to have them out there with weak encryption only aggravates an already bad situation. Of course, NXP, the maker of the chips in question, isn’t planning to change anything.
