Computerworld
Quick Menu
Search



Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Virus and Vulnerability Roundup
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.
Laptops
Toshiba Laptops with Intel® Centrino® Duo. Free Shipping
RFID Technology

Chip maker sues to quash research on RFID smart card security flaws

Researcher says chip hack could crack open 2 billion cards
 

Sign up to receive Resource Alerts

July 10, 2008 (Computerworld) -- A semiconductor company is suing a Dutch university to keep its researchers from publishing information about security flaws in the RFID chips used in up to 2 billion smart cards.

The cards are used to open doors in corporate and government buildings and to board public transportation systems.

NXP Semiconductors filed suit in Court Arnhem in The Netherlands against Radboud University Nijmegen. The company is pushing the courts to keep university researchers from publishing a paper about reported security flaws in the MiFare Classic, an RFID chip manufactured by NXP Semiconductors.

The paper is slated to be presented at the Esorics security conference in Malaga, Spain, this October, according to Karsten Nohl, a graduate student who was part of a research group that originally broke the encryption last year. Nohl told Computerworld on Thursday that he gave his research to the Dutch university so it could build on what he had done, and he has been closely following its progress.

"I think it's crucial that it's published in an academic conference where researchers can work on solutions," said Nohl. "I don't think there's any good outcome for NXP. Say they were to win. They'd be keeping information away from the academics who might come up with solutions."

NXP declined to be interviewed for this story but said in an e-mailed statement, "We cannot give further comments at this time, as it is in the hands of the court and the court has given a confidentiality order."

Representatives from the university did not respond before deadline.

Call out the military

Nohl said the problem lies in what he calls weak encryption in the MiFare Classic smart card. In March, he said that once he had broken the encryption, he would need only a laptop, a scanner and a few minutes to get the cryptographic key to an RFID door lock and create a duplicate card to open it at will.

Since the MiFare Classic smart cards use a radio chip, Nohl said he easily can scan them for information. If someone came out of a building carrying a smart card door key, he could walk past them with a laptop and scanner in a backpack or bag and skim data from their card. He also could walk past the door and scan for data captured to the reader.

Once he's captured information from a smart card and/or the card reader on the door, he would have enough information to find the cryptographic key and duplicate a smart card with the necessary encryption information to open the door. He said the whole process would take him less than two minutes.

And that, according to Ken van Wyk, principal consultant at KRvW Associates, is a big security problem.

Continued...
1 | 2 | NEXT  



Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story

Special Reports

Cellular operators say they're ready for Gustav
Psystar calls Apple a 'monopoly' in antitrust charges
Doubt cast on Seinfeld as Windows TV ads near
More top stories...
IT workers hit hardest by offshore outsourcing, survey finds
Microsoft: No more Windows Live Mail crashes with IE8 Beta 2
Microsoft warns of IE8 lock-in with XP SP3


Ads by TechWords

See your link here


Telework can change office dynamics in ways you hadn't anticipated. Proceed cautiously.
Got a painfully slow connection or random dead spots? Our tips will help you get the most out of your wireless network.
Listen up, managers: Employees don't quit the job; they quit you.
Netbooks, ultraportables, mini-notebooks — whatever you call them, they've been grabbing headlines. Are they here for the long term or just a flash in the pan?
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Business Continuity Zone
The File Data Management Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Business Intelligence and Analytics Zone
Windows Protection Zone
Identity & Security Management Zone
From Laggard to Leader: Transforming the Data Center
From Laggard to Leader: Transforming the Data Center
Register for this complimentary live webcast today!
Go to the webcast 
Managing Mobile Data with Endpoint Security for Laptops
Download this white paper now, compliments of Computerworld and Absolute Software.
(Source: Absolute Software) A NetworkWorld survey of IT professionals found that only 1 in 100 employees consistently follow data security policy. This paper outlines endpoint security for laptops that restricts data access beyond encryption to safeguard against insider threats and user error.Read this whitepaper to learn lessons from recent data breaches, limitations of traditional data security, and how to remotely wipe out data and monitor computers that go off the network.
Download this executive briefing download
Top 10 Reasons to Upgrade
Get this white paper now!
(Source: Symantec) Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Archiving Compliance with Sunbelt Exchange Archiver
The Impact of Messaging and Web Threats
Advanced Load Balancing: 8 Things You Need to Handle Today's Network Traffic
View more whitepapers