Most Popular Stories
- One on One with Arpan Shah of Microsoft Sharepoint
- IBM will snag half of India's outsoucing work by 2010
- Vendors prepare for Obama's electronic medical records change
- Teen sends 14,528 text messages in a single month
- Coke uses RFID for drink dispensers
- Forrester report predicts web content management will grow in spite of economy
Events
- CTO Telecom Summit
Nov 8-11, 2009 — Four Seasons Resort – Scottsdale, AZ
Sponsored Links
Free Newsletter
Latest News
Popular Topics
Whitepapers
What's next for Mifare?
![]()
What's next for Mifare?
On Wednesday, a video was released on YouTube demonstrating the successful hack of physical access systems based on the Mifare Classic RFID chip. There were two vectors of attack in the video; the first of them shows the retrieval of the cryptographic key from a reader hooked up to the building's access control infrastructure. The other vector saw the RFID access card being wirelessly sniffed by simply walking past a victim with a handheld scanner. The retrieved data was sufficient to create a clone, which was then used to successfully gain entry.
Detractors say that part of the problem is caused by improper implementations, and that the door reader attack should not have been possible in the first place. Others argue that it is foolhardy not to have implemented additional layers of security.
The second argument ignores the fact that access control systems based on the Mifare work on the assumption that the Mifare cannot be cloned--which is, after all, its key security feature. Hence, a card that is registered with the access control system is assumed to be held by the person it has been assigned to--unless deactivated due to being misplaced or stolen. As such, unless it's a military installation, it does not make economic sense to piggy back a secondary layer of security--and its associated cost, onto an already "secure" system.
As for the first criticism, the fact is that most access control systems based on the Mifare Classic probably are implemented in the same flawed way. Complain as you will, but it's already a done deal. As you can imagine, the hack has thrown much of the world's access control market into disarray. This situation has even prompted the Dutch government to issue a public warning on the matter.
What will happen next? Will companies and organizations that have implemented Mifare Classic obediently upgrade to the just-announced "Mifare Plus"? Or will people simply dump RFID-based access system altogether? If jumping ship, what is there to switch to anyway? Magnetic swipe cards? - Paul
Related Stories
- 25 open-source releases coming this year
- Google ordered to turn over YouTube user data
- SPOTLIGHT: Online video gets down to business
- MTube: The world's smallest PC
- iPhone gets International data/voice plan
- AMD prepping tri-core processors
- Storm Worm dupes YouTube fans
- Adobe brings hi-def video to Flash
- Windows bundled apps: Can I get an update please?
- Video: Palm Gandolf (800p) caught on tape?
Comments
Post new comment
Home
| Subscribe | Advertise | RSS |
Privacy
| Site MapTHE FIERCEMARKETS NETWORKFierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceVoIP | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe© 2009 FierceMarkets, Inc. All rights reserved. |
![]() |







Click here to get the FierceCIO:TechWatch email newsletter for FREE!
Be the first to comment