MIT Technology Review



“Previously, the nail was in the coffin. Now, this puts the coffin in the ground and buries it,” says Tadayoshi Kohno, an assistant professor of computer science at the University of Washington, in Seattle. He says that some had previously claimed it would be difficult to pull off an attack against the card in practice. Kohno hopes that this new work will put remaining objections to rest by showing how easy and inexpensive an attack can be.

“Apparently, nothing short of real-world hacks will convince operators to upgrade to better technology,” says Karsten Nohl, a security researcher now based in Berlin who reverse-engineered the algorithm inside the Mifare Classic while at the University of Virginia. “Now that the paper detailing a very practical attack is released, it won’t take long until we see many Mifare-based security systems being exploited.”

Last year, NXP, the company that makes the Mifare Classic, sued Radboud University in an attempt to stop the researchers from publishing their discoveries about the smart card. That effort failed, and the company, which coincidentally has offices near the university, is now working with the researchers to improve the security of the Mifare Plus, a successor to the Mifare Classic. Fixing all of the Mifare Classic’s security holes would require replacing infrastructure, according to van Rossum, but improvements can be made to the design of the Mifare Plus so that it will work with existing infrastructure in a more secure way.

Van Rossum is most concerned about hackers gaining access to important buildings. He says that since there is no fix for existing Mifare Classic infrastructure, companies and organizations that use the cards should improve other security practices that supplement the cards.


Credit: Technology Review

Tagged: Computing, security, RFID, IEEE Symposium on Security and Privacy
