If you hold a credit card issued in the past 18 months, or use a touchless keycard to open doors at your office, or ride the subway with a reusable fare card, chances are good that you have used a card or ticket with a tiny wireless security chip embedded in it.
A trio of young computer experts, including a student at the University of Virginia, recently demonstrated that the encryption used by over a billion such "smart cards" is much easier to break than previously thought.
Their research shows that a tech-savvy thief with only a personal computer and about $1,000 worth of readily available equipment could make fake access cards to gain entry into high-security areas, could produce counterfeit mass-transit fare cards, and could even gain entry to cars by cloning certain wireless car keys that can open or lock the car from 20 feet away by clicking a button. (In order to drive the car, the would-be thief would still need to defeat the mechanical ignition system.)
Security experts knew that it was feasible to break the encryption of this type of wireless chip, explained Nohl, but most assumed that it was difficult enough to do so that the chips were unprofitable to attack. Companies that do so for legitimate purposes (such as checking chip designs for patent infringement) would charge from $100,000 to $500,000 and use esoteric (and expensive) research laboratory equipment — a high threshold to steal information from a wireless computer chip that is about the size of a grain of sand and costs less than a dollar.
Continued on next page Tags: ID Management, ID cards, Information/Data handling, National ID, Physical Security, RFID
Add Your Comment
Follow on Twitter
More Articles
News
Hot Topics
Office web is the latest addition to Microsoft's Office business suite and is set to be the company's most revolutionary version.
Microsoft's 14th version of its award winning, multi-billion dollar cash cow business suite, is the company's most ambitious to date.
Spotify is certainly one of the most popular online music websites in the world which is a feat for a service that was officially launched only in February 2009
Comments