A Peculiar Blog



« Will Obama Decline Public Financing? Modifying Thingamablog For Freenet 0.5 »

NXP Mifare Classic RFID encryption cracked


April 13th, 2008 by Ed
Filed under: Encryption Hardware Last Days Marketing News Opinion Privacy Security Technology Tracking z2

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

We can now raise a cheer for a group of a group of bright people in the Chaos Computer Club of Hamburg, Germany along with colleagues from the University of Virginia have succeeded in cracking the encryption scheme used on the Mifare Classic RFID chip sold by NXP.

It turns out that the proprietary encryption scheme has only 48 bits as opposed to modern algorithms that use 128 bit and 256 bit (or more) encryption. Apparently cracking this encryption took “relatively little effort”.

This means that because these chips are in fairly wide use in a number of applications such as “contactless smartcard applications including fare collection, loyalty cards or access control cards.”, it’s possible for a determined individual (or corporation / criminal organization) could do quite a bit with it, from making it a lot easier for unscrupulous advertisers to track every time you purchase something and use the information to target advertising.. or more. For example, say you decide to discreetly try a weight loss cream. You don’t particularly want it generally known because of embarrassment or simply because you don’t know if it’ll work or not. advertiser gets the information and you start getting more ads in email, on the phone and anywhere else you might see targeted ads, for other weight loss products and advice etc. Your insurance company sees this information and your premiums go up because some number cruncher has decided that you’re now an increased risk for weight related health problems.

It’s bad enough that these infernal things are being used as much as they are but to have them out there with weak encryption only aggravates and already bad situation. Of course, NXP, the maker of the chips in question, isn’t planing to change anything

Technorati Tags: chips, credit+cards, Encryption, loyalty+cards, Opinion, payment+systems, Privacy, rfid, Security, Technology, Tracking, tracking+chips

Bookmark To:
  • del.icio.us
  • Technorati
  • Digg
  • Reddit
  • StumbleUpon

If you enjoyed this post, make sure you subscribe to my RSS feed!

Trackback URI

No Comments

Sorry, the comment form is closed at this time.


Comments protected by Lucia's Linky Love.

Proudly powered by WordPress. Theme developed with WordPress Theme Generator.
Copyright © A Peculiar Blog. All rights reserved.

 

 Join the Blue Ribbon Online Free Speech Campaign
Join the Blue Ribbon Online Free Speech Campaign!

 
who's linking to A Peculiar Blog