A hardware backdoor in a certain kind of MIFARE Classic contactless card has been found by cybersecurity researchers. This backdoor might be used to enable authentication with an unknown key and open doors to hotels and businesses.
Researchers studying cybersecurity have discovered a hardware backdoor in a certain type of MIFARE Classic contactless card that may unlock doors to hotels and offices and enable authentication using an unidentified key. The new MIFARE Classic variant FM11RF08S, which Shanghai Fudan Microelectronics released in 2020, has been the target of assaults that have been proven. “The FM11RF08S backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards, even when fully diversified, simply by accessing the card for a few minutes,” says Philippe Teuwen, a researcher at Quarkslab.
The research discovered that “the attacks could be executed instantaneously by an entity in a position to carry out a supply chain attack.” In addition, the secret key is shared by all FM11RF08S cards now in circulation. To make matters worse, a backdoor akin to this one has been found in FM11RF08, the previous generation, and it requires a different key to unlock. There have been backdoors found in cards since November 2007. An enhanced variant of the assault has the potential to accelerate the key-cracking process by five to six times through partial reverse engineering of the nonce-generating mechanism. “The backdoor […] allows the instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world,” the business stated in a statement.
Even though the backdoor just has to be physically close to an impacted card for a few minutes to launch an assault, a supply chain attack might be carried out instantly and widely by an attacker.” Customers are advised to find out if they are vulnerable, particularly considering how common these cards are in hotels in Europe, India, and the United States.
“Even if all of their keys are properly diversified, the backdoor and its key allow us to launch new attacks to dump and clone these cards,” stated Teuwen. The locking systems used in hotels have already been found to have security flaws. It was discovered earlier in March that serious flaws in Dormakaba’s Saflok electronic RFID locks might be used by threat actors as a weapon to spoof keycards and unlock doors.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
