CRYPTOGRAPHY IS NO LONGER PROTECTING SMARTCARDS

Updated: 10/28/2008 23:21
Reprints/Permissions  Hyip Monitor
The cryptography on a chip used in travel smartcards, including in Londons Oyster card, was found to be exposed to cracks. A researcher

The cryptography on a chip used in travel smartcards, including in London's Oyster card, was found to be exposed to cracks. A researcher known as `Bla` claims that he created exploit code to crack the cryptography on smartcards which use NXP's Mifare Classic chip, such as the Oyster card and the Dutch OV-Chipkaart.

The researcher is developing the open-source software on the Google Code platform. His exploit code, entitled 'Crapto-1', attempts to leverage NXP's proprietary Crypto1 algorithm that was mathematically explained by the Dutch researchers from Radboud University in Nijmegen, who published their work with description of possible attack methods earlier this month.

According to Bla the code is based on the cryptography needed to decrypt captured communications between Crypto1-based RFID tags and card readers. Thus, he claims that the code can "even recover the shared secret" used to verify the cryptographic process. Lately, Dutch freelance security journalist Brenno de Winter stated that he had `verified the code`, saying the code was working.


About the author

Brett Sherpan has been working for seven years writing and editing for online and print media. He has held various editing and copywriting positions and can quickly and competently write copy for sales, marketing and editorial content. Brett is a consistently dependable team player, who thrives in a high-pressure environment, enjoying the challenges of meeting deadlines and am comfortable researching, writing and editing on a wide range of topics
You May Also Like