“MIFARE Classic” report released
quine posted in security news, SeverelyBroken, vulns on October 8th, 2008
Researchers from the Institute for Computing and Information Sciences at Radboud University in The Netherlands have, at long last, published their report (PDF) on the security posture of the MIFARE Classic system. The report, simply and appropriately entitled “Dismantling MIFARE Classic”, was presented as part of the 13th European Symposium on Research in Computer Security (ESORICS 2008).
At a mere 18 pages, the report still provides good detail about the team’s findings, including hardware setup, crypto used by MIFARE Classic (including the oft ridiculed 48-bit CRYPTO1 cipher), and exploits that can be launched against the system. Additional information can be found at the homepage of Flavio D. Garcia, one of the researchers involved.
Hat tip to Security4all for the notification on this paper.