Monday, October 13, 2008

Security flaw in smart cards poses risk for transit, building access - - 10 Oct 2008

Transit systems across Canada stand to lose tens of thousands of dollars to fare fraud, and access to office buildings could be compromised, after a security flaw in some of their smart-card technology was widely publicized this week.

Computer-security researchers at the Radboud University Nijmegen in the Netherlands revealed how the smart-card technology, called Mifare, can be hacked to let anyone with a computer and $100 worth of parts create counterfeit transit and building-access passes.

Mifare uses a radio-frequency-emitting computer chip embedded in a plastic card. Transit riders wave the card over a reader to pay fares, while employees and students flash it at secured doorways to gain admittance in many offices and schools.

The technology has been implemented in transit systems in St. John's, Gatineau, Que., the Greater Toronto Area and the Ontario cities of Kingston and Brantford, and is under consideration for use in Saskatoon.

Mifare chips, according to Dutch-based vendor NXP Semiconductors, are used in more than a billion radio-frequency identification (RFID) cards around the world — including security passes used to access buildings — and represent 70 per cent of the market for so-called contactless smart cards.

"The proprietary cryptography used on the Mifare Classic RFID chip is severely flawed," Wouter Teepe, one of the Dutch researchers, writes in a paper published Monday. "The management summary would be something like, 'Mifare Classic is broken.' "

Teepe and his colleagues cracked the encryption code on Mifare chips. They reported the security flaw in March, in the wake of earlier work by University of Virginia grad student Karsten Nohl, but only published the full details this week.

Once they'd cracked the encryption, the Dutch researchers were able to use hand-held antennas to remotely read the contents of someone's building-access pass, then forge a fake duplicate pass that gave them access to the same building.

The researchers also successfully hacked the Dutch national transit system and London's transit, showing how someone could get a day of free rides with little effort.

NXP working on solutions
Transit systems that use Mifare Classic smart cards are vulnerable in two ways. Because the cards communicate through the air using radio waves, a hacker could wirelessly read a transit rider's pass from a distance — several inches, or, as some hackers have demonstrated, up to 10 feet — and then "clone" the confidential information onto a blank impostor card that would seem like the original to a bus farebox. In transit systems where riders put money onto their smart cards that gets deducted with each trip, a hacker could also tinker with the card to increase its balance.

NXP Semiconductors has acknowledged the security problems and says it is working on solutions.

"It is NXP's objective to transparently update all system integrators and operators of infrastructures which use Mifare Classic in a timely manner," the company says in a statement on its website.

There are also ways to mitigate the security gaps, according to Juan Liverant, CEO of BEA Transit Solutions, which implemented smart-card payment systems for the transit networks in St. John's, Kingston and Brantford, as well as cities in Mexico.

"One is for the software on the back end to keep track of the balance on all the cards, and if one doesn't match what I have on my system, then the next time it's tried to be used it can be invalidated," Liverant told CBC News. "So far, to our knowledge, we haven't had a card cloned of all the systems we have in Canada or anywhere in the world."

But that fix has its shortcomings, Liverant acknowledged. Payment information has to be downloaded from every bus in the transit system onto a central database, which typically can only happen once the buses are parked for the night, so high-tech fare cheats would enjoy 24 hours of potentially free rides.

Also, riders with legit transit cards that were copied by a hacker would see their cards invalidated, in the same way that credit cards can be automatically blocked in the event of suspected fraud.

'It's unlikely we'd use that'
Cities around the world have been shaken by the Mifare flaw. In addition to London and the Netherlands, Mifare Classic is used in Minneapolis-St. Paul, Boston and Brisbane, Australia.

Edmonton is using Mifare technology in a small, pilot smart-card program to test the feasibility of deploying contactless payments across its transit system. But Graydon Woods, the program's manager, said the security flaw won't affect the city's transit in the long term.

"We're aware of the vulnerabilities with Mifare, so it's unlikely we'd use that," Woods said Thursday. "It's not applicable to us."

Elsewhere in Canada, the Gatineau transit authority implemented its payment system based on Mifare Classic in 1998. Burlington, Ont., a city located west of Toronto, used a Mifare Classic system until last summer.

Vince Mauceri, a former manager with Burlington Transit and now the general manager of transportation operations for the Greater Toronto Area's Metrolinx transit agency, played down the Mifare problem.

"We're talking micropayments. We're not talking about buying a couch at Leon's," Mauceri said. "I think the crooks want to go after the big-dollar items, not micropayments."

Metrolinx is part of a project to implement a smart card called the Presto card for all Toronto-area transit systems over the next four years, and it will use a newer, more secure Mifare platform called DESFire — the same version Edmonton is considering.

Vancouver is also aiming to bring in smart-card payment systems, but transit authority TransLink is still in the early stages of planning and hasn't settled on what technology it will use, spokesperson Ken Hardy said.

Manufacturer blamed
The Dutch researchers who successfully hacked Mifare said NXP is entirely to blame for the security issues because the manufacturer decided to use a confidential, proprietary encryption method that was untested.

"All this demonstrates, once again, the dangers of relying on 'security by obscurity,' keeping the design of a system secret and relying on this to keep the system secure," the researchers said in a statement issued Monday.

"As all experts in the field agree, a better approach is … making the design of a system public so that it can be openly evaluated and scrutinized by experts."

By Zach Dubinsky

No comments: