Oh, to be young again.

Tapping the vending machine with your card sends the ID in plaintext over the wire to the upstream server, which responds in plaintext for the machine to either accept or reject the transaction.

Tomfoolery may or may not have been performed by a bunch of bored, hungry college students at 1AM one night...

It's reminiscent of the old NASA saying: "faster, better, cheaper: pick any two".

backdoor implies somebody can "get in" to my rfid, but rfid's spend most of their time "off the grid". So when my rfid powers up, does the "host" who powered it up also need to be insecure or on an insecure/compromised net?

then... what capabilities would suddenly become possible; unlocking the door is already unlocked, my credit card is already all ready to spend...

or does it simply allow people passing me on the sidewalk to make a copy of my card?

MIFARE (not just the Classic family) have a UID (32 bits) and x blocks of encrypted data (12 for Classic). Each block is protected by a A key and a B key.

The earliest card system only uses UID for authentication ie. if the card says the right UID the card passes authentication.

Obviously, anyone can forge a card with said UID, so the latter system start to use the 12 encrypted fields for authentication. The card reader would challenge the card to encrypt the nonce plus stored identification. Only cards with the correct key can respond with the correct encrypted data + nonce.

The authentication uses symmetric encryption. Depending on how the system is setup, A key is used for Read only, Read Write, or A is used for read and B is used for write, or both A/B is need for read write.

The original Mifare Classic uses a proprietary crypto crypto-1. Due to various reasons (eg. weak PRNG, collisions, etc.) , it can be trivial to crack a traditional Mifare Classic key. However there are harden keys that still could not be cracked due to various countermeasures.

The paper seems to found a hardcoded A/B key A396EFA4E24F for a particular brand of RFID cards (I just skimped the paper and its been years since I worked on RFID. I might be wrong on the detail).

Actually, if I understood the paper well, the same key worked also on older, non-Chinese cards like those produced by NXP. Why, that's a big question.

Sadly, neither my gym or work access card were cloneable even though they are MIFARE Classic. So I did not end up getting an implant.

That’s the threat vector.

Depending on the specifics of a deployment, I'm guessing you could also use the card secrets to mint new cards that authenticate correctly to facility readers, but contain different information? But I don't know nearly enough about how these cards get used to know how much flexibility you get there.

A lot of systems still just use the UID.

Physical security/door access control is still completely disconnected from IT security, despite these systems relying on software for the last 20 years. As such, there is generally no knowledge in the buyers of such systems as to the risks and how to test for any vulnerabilities.

I bet systems which rely on the UID only (something even the card manufacturer specifically warns against in their datasheet) are still being sold, and lots are definitely still out there. This is trivial to clone and requires only a single read of the card, no cracking needed because the UID isn’t designed to be private to begin with.

E.g. if "John" badges in... and then 10 minutes later "John" badges in again...

Will most systems complain?

Rather than building a SOC to look at logs and flag unbalanced entries or similar (which would be very expensive), companies tend to rely on their employees’ vigilance.

Of course. If you work in a SCIF, you're going to have a very different set of rules and experiences than if you work at LiftMaster, if you know what I mean.

> I use a few different RMM solutions that could almost certainly handle the log collection, analysis, and real-time monitoring with alerts and I don’t think it’d take much time/effort to set up.

Right! But someone's gotta watch it. All day, and all the time. If it's sending alerts, who is it sending them to? The same security guard can't be responsible for both watching security monitors and watching or responding to access log issues.

The expense is in the people and maintenance, not in the initial buildout, as is true for many large enterprise initiatives.

You can set up your access controllers for anti-passback, but, most folks don't, because companies don't want to pay the costs associated for an 'in' reader and and 'out' reader and implement that level of security.

Recently I worked for a bank where they had different types of entry airlocks, it was a bit a pain, especially the multiperson ones.

Or maybe there’s door access control systems out there that use FIDO2 :D

PKCS based cards get all the benefits of smart cards (hard in theory to extract keys, side channel resistance, etc), with the usual risks (trust in vendors and issuers to not add backdoor APDUs to applets etc.)

Doubt anyone would want to use FIDO2 for a door access control system, but in theory there's nothing really to stop you, if you come up with a clever URI schema for your doors and know what public key to expect for each identity on each URI. That's where FIDO2 wouldn't be ideal, as you'd get a different identity on each URI, so it would only really work with a single URI (zone?) for the whole site, and implementing zone access checks at each individual verifier.

Realistically, doing a PIV style PKI verification would give you all the benefits of FIDO2, but also with the ability to handle card revocation etc via a CRL that's distributed through the system.

I was expecting to have to write some code for it!

I do have a flipper and a classic key, will test it out soon!

We have customers who use smartcards and we often need to read or write to them, during on-boarding they often have no clue what version or spec they are using and it often results in trial-and-error after they send us a few cards with little-to-no markings on them.

I still see classic being installed for door/gate systems in American apartments that are under active construction in 2024. Presumably that’s because resellers either don’t know better or they just have a massive inventory.

> But, quite surprisingly, some other cards, aside from the Fudan ones, accept the same backdoor authentication commands using the same key as for the FM11RF08!

> ...

> - Infineon SLE66R35 possibly produced at least during a period 1996-20136 ;

> - NXP MF1ICS5003 produced at least between 1998 and 2000 ;

> - NXP MF1ICS5004 produced at least in 2001.

> ...

> Additionally, what are we to make of the fact that old NXP and Infineon cards share the very same backdoor key?

Yes, it also means doing basic things like saying "security is important", "vulnerabilities are bad", and "supply chain risk should be addressed", etc. The more informed you are, the more of a pain this is, at least in my experience (disclaimer: I'm not a CISO).

2) Present a huge dollar number to make it sound important;

3) Get promoted as everyone high-up implicitly understands that reputational damage is a fiction that never materializes in practice.

CISOs get promoted by being willing to focus on compliance over security, so that they can cover the company if and when it inevitably gets breached by saying they “followed best practices” (if that’s true).

All of this is because resolving a breach and giving everyone a year of identity theft protection is a lot less expensive, short-term, than actually investing in a real security practice, and companies in the US think in quarters, not years.

Europe is better about this because they tend to think many years ahead rather than focusing on short-term results.

> Through empirical research, we discovered a hardware backdoor and successfully cracked its key. This backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards without prior knowledge, simply by accessing the card for a few minutes. Additionally, our investigation into older cards uncovered another hardware backdoor key that was common to several manufacturers.

I’ve developed Unified Air, a new technology that allows factory workers to authenticate to production machines using the biometric sensors on their mobile devices—eliminating the need for insecure RFID cards altogether. Not only does this method enhance security by leveraging unique biometric data, but it also streamlines the authentication process, making it both faster and more reliable for operators.

If you’re interested in a more secure and user-friendly alternative to RFID, you can check out more details about Unified Air here: https://support.industry.siemens.com/cs/document/109827772/d...