I recently read that the encryption on the Mifare Classic RFID technology has been cracked. Since Mifare is used in millions of smart cards, is this a legitimate concern for enterprises? Does it put the future security of smart cards or RFID in jeopardy?
The cracking of a widely used smart card, like those with the Mifare Classic RFID chip, is definitely a cause for concern. It could expose facilities worldwide to malicious access, since 1 billion passes have been distributed outside its original base in the Netherlands.
But the issue goes far beyond the Mifare chip to the security of smart cards and RFID chips in general. The technology definitely has some security chinks in its armor, but it would be premature to say it's in jeopardy because of security issues. The technology is growing in popularity and ease of use, but its security isn't quite mature yet.
Smart cards and RFID chips, on the surface, are supposed to be stronger forms of authentication than, say, user IDs and passwords, which are easy to steal and guess. But on the other hand, the chips on cards also have weaknesses. Over the past two years, several researchers in the UK, Germany and the Netherlands have designed ways to clone chips and cards, steal data from radio signals emanating from RFID chips or break the encryption algorithms on chips. In some cases, they've used homemade devices that can be cheaply constructed from readily available materials.
RFID chips have been criticized heavily as being the most exposed. The chips are now used on credit cards and some U.S. passports, opening up users to potential credit card fraud or identity theft. The issue is that signals from RFID chips frequently aren't encrypted and can be easily captured by readers. Someone with an RFID credit card in their wallet could unwittingly lose their account number just by walking past a malicious reader a few feet away.
The other issue with both smart cards and RFID chips is that they can only hold a limited number of encryption keys due to their small size and capacity, making their algorithms susceptible to cracking.
The security issues that need to be resolved are encryption of RFID signals, shielding of RFID signals from malicious access and better encryption of chips on smart cards. Until then, simply cutting the chips out of credit cards could make them inoperable, and doing so would invalidate a passport. But despite those challenges, security is still playing catch-up as the technology's usage and popularity continue to grow.
Related Q&A from Joel Dubin, past SearchSecurity.com expert