Hardware Backdoor in RFID Cards Threatens Security

Lilu Anderson

RFID Cards: A Hidden Vulnerability

In a significant discovery, cybersecurity experts have found a hardware backdoor in a widely used model of MIFARE Classic RFID cards. These cards, often used for unlocking hotel rooms and office doors, were found to have vulnerabilities that allow unauthorized access. The backdoor was identified in the FM11RF08S variant, released in 2020 by Shanghai Fudan Microelectronics, and it can bypass card security even when diversified keys are used.

How the Attack Works

The attack relies on a hidden secret key that can compromise the security of these cards. Philippe Teuwen, a researcher from Quarkslab, emphasized that this vulnerability allows attackers to bypass all user-defined keys within minutes. This is especially worrying because someone could exploit this weakness as part of a supply chain attack, where they gain access at the manufacturing or distribution stage.

Historical Context

This issue is not entirely new. A similar backdoor was found in the FM11RF08 model, which dates back to 2007. This older model also uses a secret key to enable unauthorized access. Recent advancements in attack methods, such as partially reverse engineering the nonce generation process, can now expedite the attack, making it five to six times faster.

Consequences and Precautions

The discovered backdoor permits the cloning of RFID cards, posing severe risks to security systems worldwide. The attack requires physical proximity to a card for a few minutes, but attackers who can integrate it into a supply chain attack could potentially clone cards at scale, instantly.

Customers, particularly in the U.S., Europe, and India, are encouraged to verify their cards' susceptibility. The widespread use of these cards in hotels and offices significantly raises the stakes.

Industry Implications

This discovery is reminiscent of past security flaws in hotel locking systems. Dormakaba's Saflok electronic RFID locks, for instance, were recently found vulnerable to similar exploits. As organizations and individuals rely heavily on electronic security systems, it's critical to address these vulnerabilities promptly to protect sensitive access points.

Emerging technologies like RFID must continue to innovate while ensuring robust security measures are in place, thus safeguarding against potential breaches.

Lilu Anderson is a technology writer and analyst with over 12 years of experience in the tech industry. A graduate of Stanford University with a degree in Computer Science, Lilu specializes in emerging technologies, software development, and cybersecurity. Her work has been published in renowned tech publications such as Wired, TechCrunch, and Ars Technica. Lilu’s articles are known for their detailed research, clear articulation, and insightful analysis, making them valuable to readers seeking reliable and up-to-date information on technology trends. She actively stays abreast of the latest advancements and regularly participates in industry conferences and tech meetups. With a strong reputation for expertise, authoritativeness, and trustworthiness, Lilu Anderson continues to deliver high-quality content that helps readers understand and navigate the fast-paced world of technology.