Microscope-wielding boffins crack Tube smartcard

Security researchers say they've found a way to crack the encryption used to protect a widely-used smartcard in a matter of minutes, making it possible for them to quickly and cheaply clone the cards that are used to secure office buildings and automate the collection of mass transportation fares. The attack works against the …

COMMENTS


  1. night troll

    The truth is....

    if it can be made it can be cracked or copied by anyone with enough to gain. Mr Brown & Co please note for your *secure* ID card system, it WILL be hacked and then what was the point of all the aggro apart from filling the coffers of the IT companies that you will get nice fat directorships from when you get kicked out of parliament.

  2. Mike

    peeling and microscopes

    Several misconceptions about this stuff floating around. From my personal experience:

    1) A "talented amateur" can de-cap a chip and lap to various layers for observation.

    2) While one wouldn't want to try it on the latest x86_64 or Power, jelly-bean chips are usually built with _much_ less advanced tech. Read "bigger features, fewer layers". Yes, probably less advanced than the ARM in your Mobe.

    3) It is true that you cannot "see" doping (or worse, implant). It is also true that most (particularly low-end) design systems use transistor shapes that reliably clue you into types. And of course if you are extracting circuits from polygons, which rail a transistor is closer to provides another clue.

    4) If you are dealing with a patterned area such as a ROM, the implant may indeed not be guessable. That's what stains are for. Yep. At least as far back as the 1990s.

    5) There are ways to obfuscate the above, but a group that uses an LFSR for "crypto" is not likely to even be aware of them, let alone be arsed to use them.

    6) If optical microscopes are truly not up to it, well, a co-worker of mine has a neighbor with a functioning electron microscope in his garage. Do not underestimate the passions of nerds.

  3. Anonymous Coward

    Application layer

    Surely transport implementations like Oyster employ velocity fraud detection, the old skool travelcards did anyway. If a card is duped then eventually it will be used in more than one place in a short period of time and be declined.

  4. Rolf Howarth

    Sales figures

    ".. a company that can't quantify the number its sold more precisely than this...

    "NXP says it's sold 1 billion to 2 billion of the cards"

    ...may not be the most reliable for number based operations."

    Does it occur to you that:

    a) maybe they don't want to reveal precise figures to their competitors for commercial reasons

    b) the guy responding to the question didn't personally have the exact figures to hand but knew the approximate amount

    c) it depends how exactly you count them (e.g. they may have been sold to a distributor or reseller but not yet sold to an end user, or they've introduced slightly different models over the years and it depends which you include in these figures, or they have partners or licensees who sell the same cards and it depends whether you include those in the total or not)

    etc.

    Further, if a cheap, low security product has lasted for 15 years without being cracked, and if the manufacturer has managed to sell a billion or more at 50 cents each, then they certainly don't sound that incompetent to me!

  5. Midnight

    You mean proprietary encryption schemes aren't the best kind?

    How could we know? Why didn't someone _tell_ us about that?

    http://www.schneier.com/crypto-gram-9902.html#snakeoil

  6. Ishkandar

    @HO HO guess what?

    But, but...our government swears blind that our ID cards will be foolproof !! And since they are the government, they MUST be right, aren't they ??

    @AC@New door opens - serves you right for buying that cr*p. I built a 386 DX machine from bits for less than one third of the price of one of those and had more RAM and a bigger hard disk to boot (pun intended) !!

    @WhatWasThat? - they had actually thought of dealing with the real-time transactions in the HK system. What they *didn't* do was to get a proper estimate of the *VOLUME* of transactions per (time period). Comes day one and hordes of passengers using their cards and the system went splat !! So it is not simply a matter of dragging a lot of wires from *FIXED* sites to the server(s). Add on the mobile sites (buses, mini-buses, etc.) that download when they get back to their home station and throw a *MASSIVE* data-dump down the line and most of the people involved walked around wearing brown trousers for weeks until the scalability of the system was properly tested and pronounced safe for general use !!

    What's to stop history from repeating itself in 2012 when hordes of tourists pour into London for the Olympics and the whole system grinds to a screeching halt ??

    @A J Stiles - I saw on a packet of dry-roasted peanuts "may contain nuts" !! MAY ?? If not nuts, what else ??

    @Rolf Howarth - "and if the manufacturer has managed to sell a billion or more at 50 cents each, then they certainly don't sound that incompetent to me!"

    You are certainly right if you are talking about their parasites, oops, sorry, I mean salesmen. It's their techies that are worrying !!

  7. Anonymous Coward

    Shielding Sleeves will help

    At least you can reduce the chance of getting skimmed or cloned if you keep the card in a shielded card sleeve except when you are using it.

    Identity Stronghold calls them a Secure Sleeve and has them at www.idstronghold.com

    In the UK SmartCardFocus calls them a Skimstopper and sells them at www.smartcardfocus.com/skimstopper

  8. tony trolle

    the sleeves

    was shown on "London tonite" (6pm time slot) about 2-3 years ago to stop cloning so was the card hacked way back then ?

  9. Anonymous Coward

    No Pearls in cracked Oysters!!!

    London Underground caps the charges on an Oyster card daily depending on the zones covered:

    http://www.tfl.gov.uk/tickets/faresandtickets/singlefares/5196.aspx

    So let's consider the value of cracking a card. The only criminal benefit comes from copying the card and then selling it. So the average maximum value a cloned card could be used for per day would be around 9 or 10 pounds depending on the zones that the original was valid for.

    Now assuming that the TfL network can only detect duplicate cards in the system and then blacklist them overnight, then the maximum value of a cloned card would indeed be about 10 pounds (but on average a lot lower)

    Counterfeit goods typically sell for a lot less than the real thing so let's be generous and say the typical cloned card could be "sold" for 5 pounds (again best case)

    In volumes less than 100,000 Mifare cards cost about 2 pounds each. Which gives us a whopping 3 pounds margin per card. Plus the cost of a scanner/cracker/copier (say 500 pounds) (and a laptop) then our criminal mastermind has to clone, copy and sell nearly 200 cards before he starts to make a profit.

    This is best case - in order for the cards to be sold for their maximum value they need to be sold at the morning rush hour and assuming there is actually a market for these cards and they don't get arrested in the meantime, then you could imagine them making about a few hundred pounds a day.

    But in fact Tube station gates are smart enough to stop the same card being used twice in the station without it being used to exit first. So in fact cloned cards could only be used at a station different from the one where the genuine card was actually used.

    I'm sure an enterprising criminal capable of executing such a business would be better off contracting to an IT company in the City and surfing Youtube in an office, rather than getting cold and wet and risking prison outside an actual Tube station.
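The two back-end defences raised in the thread (comment 3's velocity check, and comment 9's gate rule plus overnight blacklist) as an added worked example over a constructed tap log; this is editorial example code, not anything from TfL, NXP or the original posts, and the 10-minute minimum travel time and the station names are assumptions.

```python
from datetime import datetime, timedelta

# Assumed policy constant: one physical card cannot be presented at two
# different stations closer together in time than this.
MIN_TRAVEL = timedelta(minutes=10)

# Constructed sample tap log: (time, card_id, station, direction).
# C1 is a genuine card; C2 has been cloned and both copies are in use.
TAPS = [
    ("2008-03-17 08:01", "C1", "Bank",      "IN"),
    ("2008-03-17 08:02", "C2", "Bank",      "IN"),
    ("2008-03-17 08:04", "C2", "Stratford", "IN"),   # clone presented elsewhere
    ("2008-03-17 08:05", "C2", "Bank",      "IN"),   # second copy retries at Bank
    ("2008-03-17 08:25", "C1", "Victoria",  "OUT"),
    ("2008-03-17 08:30", "C2", "Victoria",  "OUT"),
]

def parse(taps):
    """Turn the string timestamps into datetimes, keeping log order."""
    return [(datetime.strptime(t, "%Y-%m-%d %H:%M"), c, s, d) for t, c, s, d in taps]

def gate_check(taps):
    """Real-time gate rule: decline an IN while the card is already inside.

    Returns the declined taps as (HH:MM, card_id, station)."""
    inside, rejected = {}, []
    for when, card, station, direction in parse(taps):
        if direction == "IN":
            if inside.get(card):
                rejected.append((when.strftime("%H:%M"), card, station))
                continue                     # gate declines; state unchanged
            inside[card] = True
        else:
            inside[card] = False
    return rejected

def velocity_blacklist(taps):
    """Overnight batch: flag card IDs seen at two different stations within
    MIN_TRAVEL of each other (declined taps still count as sightings)."""
    by_card = {}
    for when, card, station, _ in parse(taps):
        by_card.setdefault(card, []).append((when, station))
    flagged = set()
    for card, sightings in by_card.items():
        sightings.sort()
        for (t1, s1), (t2, s2) in zip(sightings, sightings[1:]):
            if s1 != s2 and t2 - t1 < MIN_TRAVEL:
                flagged.add(card)
    return flagged
```

The gate rule only catches the second copy on its own failed tap, which is why the batch velocity check is still needed to take the card ID out of circulation the next day.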
