resource center
  See your link here
|
or
Other Spam, Malware and Vulnerabilities Stories
|
|
|
|
July 10, 2008 (Computerworld) -- A semiconductor company is suing a Dutch university to keep its researchers from publishing information about security flaws in the RFID chips used in up to 2 billion smart cards.
The cards are used to open doors in corporate and government buildings and to board public transportation systems.
NXP Semiconductors filed suit in Court Arnhem in The Netherlands against Radboud University Nijmegen. The company is pushing the courts to keep university researchers from publishing a paper about reported security flaws in the MiFare Classic, an RFID chip manufactured by NXP Semiconductors.
The paper is slated to be presented at the Esorics security conference in Malaga, Spain, this October, according to Karsten Nohl, a graduate student who was part of a research group that originally broke the encryption last year. Nohl told Computerworld on Thursday that he gave his research to the Dutch university so it could build on what he had done, and he has been closely following its progress.
"I think it's crucial that it's published in an academic conference where researchers can work on solutions," said Nohl. "I don't think there's any good outcome for NXP. Say they were to win. They'd be keeping information away from the academics who might come up with solutions."
NXP declined to be interviewed for this story but said in an e-mailed statement, "We cannot give further comments at this time, as it is in the hands of the court and the court has given a confidentiality order."
Representatives from the university did not respond before deadline.
Nohl said the problem lies in what he calls weak encryption in the MiFare Classic smart card. In March, he said that once he had broken the encryption, he would need only a laptop, a scanner and a few minutes to get the cryptographic key to an RFID door lock and create a duplicate card to open it at will.
Since the MiFare Classic smart cards use a radio chip, Nohl said he easily can scan them for information. If someone came out of a building carrying a smart card door key, he could walk past them with a laptop and scanner in a backpack or bag and skim data from their card. He also could walk past the door and scan for data captured to the reader.
Once he's captured information from a smart card and/or the card reader on the door, he would have enough information to find the cryptographic key and duplicate a smart card with the necessary encryption information to open the door. He said the whole process would take him less than two minutes.
And that, according to Ken van Wyk, principal consultant at KRvW Associates, is a big security problem.
|
Print this Story |
|
Send Us Feedback |
|
E-mail this Story |
|
Digg this Story |
|
Slashdot this Story |
See your link here
|
Editors' Picks
The updated iMac now offers a screen resolution that's higher than HD.
The Droid comes with Android 2.0, the slimmest QWERTY slider, a 3.7-in. display and Verizon's network. Is the iPhone in trouble?
Didn't think hardware this tiny could be tweaked? Think again. We explore five ways to turn netbooks up to 11.
Abundant spectrum resources and an engaged research community are drawing wireless experimenters back into a hobby that many had forgotten.
hot topics
Get the latest news, reviews and more about Microsoft's newest desktop operating system.
special report topics
General Mills, Genentech, San Diego Gas & Electric, University of Pennsylvania and Monsanto top the list.
|
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
