Run RFID run…

Some weeks ago Julien Happich’s article “Sniffing and cloning contactless cards: a simple buy on kickstarter” appeared in EETimes-Europe [1][2]. I have followed the evolution of Chameleon, Proxmark III [3], OpenPICC/OpenPCD [4] and other RFID emulator projects for several years. Proxmark III boards looked very flexible and powerful; OpenPICC/OpenPCD and Chameleon were very simple to duplicate and much cheaper.

ChameleonMini (top) and proxmark3 (bottom)
(Image sources: ChameleonMini, proxmark3)

In my previous occupation I designed and wrote the firmware for, and co-designed the hardware of, an ISO 14443 Type A RFID smartcard emulator. It was designed as a lab tool for profiling and for automating interoperability compliance tests. Setting up a decent smartcard cracking/hacking kit was certainly a challenge for most people: it required a good understanding of the RFID standards, experience in electronics and some skill at hacking on open software tools. It is much easier now, even for almost any regular or novice hacker.

There is a trend among RFID and NFC tag manufacturers to incorporate stronger and well-known algorithms like RSA and AES, especially after learning one basic lesson: security by obscurity is no security at all. The most prominent example of the latter was the cracking of Mifare Classic’s Crypto-1 security, presented at the 24th Chaos Communication Congress (24C3) by Nohl and Plötz [5][6]. This revelation compromised billions of cards around the globe, in applications including public transportation fare collection systems, building entrance access controls, paid public services and more.

Yet while brute force, reverse engineering and side channel attacks proved effective for breaking Mifare Classic’s Crypto-1, Hitag2 [?] and Mifare DESFire [7], they are nearly useless against the most recent secure smartcards and processors that use stronger algorithms.

Obviously, having the most advanced silicon with the strongest encryption/decryption algorithm is not enough. Sadly but not surprisingly, today’s weakest link in the security chain lies outside the silicon: the most important security threats and breaches come from the human side. Decisions made by managers with a poor security background, very limited knowledge of hacker culture or an oversized ego are behind the most astounding security mistakes I have seen to date. Haven’t you heard something like “We just have to make a release for this deadline and it doesn’t matter if it works well or not; we can correct any bug they find later.”?

The most important principle to follow in designing secure systems, and also the most often forgotten one, is “security comes first”. Unfortunately, many design and implementation teams avoid “wasting” time beyond integrating their application logic into the out-of-the-box samples provided by the silicon manufacturer. Doing things that way is definitely a huge mistake. In my experience we must keep our minds open to the fact that we can make mistakes. We must also learn to think like hackers and do our best to break our own security design. Security forums and hacker communities constitute an invaluable and often ignored source of information, security validation tools and resources. Most security breaches are found and published first by members of these communities.

One final thought. Is all this security scenario confined exclusively to smartcards and NFC? Definitely not! We are witnessing today how the IoT has attracted a lot of attention from hackers and crackers. A large number of widely deployed connected devices are susceptible to side channel and other attacks. In many cases the attacker can acquire network AES keys in ways as simple as sniffing the SPI or I2C lines, as described in [9]. Setting up a ZigBee network sniffing node can be very simple too [10].

Fortunately, we can still have unconnected cups of tea, rocking chairs, paperback books and pencils, and as this computer is disconnected from the net right now, the SSL implementation running in its operating system’s networking framework is not vulnerable [11, 12] for… at least a few minutes ;-D.

[1] – Julien Happich, Sniffing and cloning contactless cards: a simple buy on kickstarter, EETimes-Europe.

[2] – Kasper & Oswald GmbH, ChameleonMini – A Versatile NFC Card Emulator, and more…, Kickstarter.

[3] – Jonathan Westhues, A Radio Frequency Identification Tool.

[4] – Harald Welte, Milosch Meriac & Brita Meriac, OpenPCD Passive RFID Project.

[5] – Karsten Nohl, Cryptanalysis of Crypto-1, University of Virginia.

[6] – Karsten Nohl & Henryk Plötz, Little Security, Despite Obscurity, 24th Chaos Communication Congress.

[?] – Petr Stembera & Martin Novotný, Breaking Hitag2 with Reconfigurable Hardware, 14th Euromicro Conference on Digital System Design, Architectures, Methods and Tools, DSD 2011, August 31 – September 2, 2011, Oulu, Finland.

[7] – David Oswald & Christof Paar, Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World.

[8] – OSPT Alliance.

[9] – Travis Goodspeed, Breaking 802.15.4 AES128 by Syringe. Side note: This blog post is a little bit old now but many similar devices are still active in the market.

[10] – Christopher Wang (Akiba), Sniffing the Internet of Things with Wireshark, Sensniff, and FreakLabs, FreakLabs, Inc.

[11] – Kelly Jackson, SSL ‘DROWNs’ In Yet Another Serious Security Flaw, InformationWeek Dark Reading.

[12] – The DROWN attack.
