Wednesday, March 19, 2008

Security Problem with Key Card Access Systems

There is an interesting article on dealing with an emerging problem with a class of key card systems that is in wide spread use around the world for access control systems. The problem specifically identified is with the Mifare Classic RFID card produced by NXP (formerly Philips Semiconductors), but may be common to a wide variety of similar systems. The problem allows outsiders to intercept, decode and duplicate the signals from the cards, ultimately allowing the potential for unauthorized access to facilities using this security tool.


European security researchers were able to reverse engineer the encryption algorithm and then duplicate the system on their own hardware. More importantly they were able to develop a technique to retrieve cryptographic keys. This means that they have developed the means to spoof the access control system.


Any facility that is using this specific RFID card system needs to take immediate actions to ensure that they are not relying solely on this system for access control. Facilities using similar RFID systems, while not necessarily compromised to the same extent, should also review their procedures to ensure redundancy in their access control procedures.

No comments:

/* Use this with templates/template-twocol.html */