The cryptography on a chip used in travel smartcards, including in London's Oyster card, was found to be exposed to cracks. A researcher known as `Bla` claims that he created exploit code to crack the cryptography on smartcards which use NXP's Mifare Classic chip, such as the Oyster card and the Dutch OV-Chipkaart.
The researcher is developing the open-source software on the Google Code platform. His exploit code, entitled 'Crapto-1', attempts to leverage NXP's proprietary Crypto1 algorithm that was mathematically explained by the Dutch researchers from Radboud University in Nijmegen, who published their work with description of possible attack methods earlier this month.
According to Bla the code is based on the cryptography needed to decrypt captured communications between Crypto1-based RFID tags and card readers. Thus, he claims that the code can "even recover the shared secret" used to verify the cryptographic process. Lately, Dutch freelance security journalist Brenno de Winter stated that he had `verified the code`, saying the code was working.
CRYPTOGRAPHY IS NO LONGER PROTECTING SMARTCARDS
Updated: 10/28/2008 23:21
The cryptography on a chip used in travel smartcards, including in Londons Oyster card, was found to be exposed to cracks. A researcher
About the author
You May Also Like
Hyip informational survey 118
PREVIEW
Christmas holiday scams
WARNINGS