Cybersecurity researchers have found a hardware backdoor in a specific model of MIFARE Classic contactless cards, which could permit authentication with an unknown key, potentially unlocking hotel rooms and office doors.
The attacks have been demonstrated on the FM11RF08S, a new variant of MIFARE Classic, released by Shanghai Fudan Microelectronics in 2020.
Philippe Teuwen, a researcher at Quarkslab, said, "The FM11RF08S backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards, even when fully diversified, simply by accessing the card for a few minutes."
The investigation found that the secret key is shared among existing FM11RF08S cards and that "the attacks could be executed instantaneously by an entity in a position to carry out a supply chain attack."
Making matters worse, a similar backdoor has been found in the older FM11RF08 generation, which is secured with a different key. This backdoor has been present in cards since at least November 2007.
An optimized version of the attack could accelerate the key-cracking process by five to six times by partially reverse-engineering the nonce generation mechanism.
"The backdoor [...] allows the instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world," the company said in a statement.
Although the backdoor requires just a few minutes of physical proximity to an affected card to conduct an attack, an attacker in a position to carry out a supply chain attack could execute it instantaneously.
Reference: www.thehackernews.com