Those, Umm, ID Cards

They’re not really very safe.

Millions of identity cards are carrying a serious security flaw that allows them to be cloned by anyone with a standard laptop, The Times has learnt.

The Mifare smartcard, which is used to gain access to thousands of schools, hospitals and government departments around Britain, as well as providing the technology behind 17 million Oyster cards for travel in London, was hacked into by scientists at a Dutch university.

Buildings accessible by photo ID cards were particularly vulnerable to attack, Dr Jacobs said. “An employee can be cloned by bumping into that person with a portable card reader,” he said. “The person whose identity is being stolen may then be completely unaware that anything has happened.

“At the technical level there are currently no known countermeasures.”

Back to the drawing board, eh guys?

7 thoughts on “Those, Umm, ID Cards”

  1. The history of software code protection clearly shows that technical access control measures can ALWAYS be circumvented. There is no single successful technique. Even biometrics are fairly easily spoofed.

    Good news for the security industry – there will always be work replacing the current technology with a new, improved device. You can do this for a company at a cost of a few million, in about 6 months.

    You can do this for a credit card (chip and pin) at a cost of over a billion, in 5 years.

    For a country-wide ID card, ……?

  2. So Much For Subtlety

    I wonder how this is possible. The resources that the Government can bring to bear on producing a foolproof unstealable card ought to, I would have guessed, produced a workable solution. Yet every single attempt has failed.

    Let me predict that every single such attempt will fail. And for non-economic reasons – people who work 9 to 5 for money will always be out-thought and out-smarted by geeks working for nothing as long as the geeks love what they do.

  3. There are two different technical problems here.

    First, the information made available by the card from one use (or a small number of uses) is sufficient for cloning a card, or effectively cloning a card by being able to reuse the same transmitted data on another occasion.

    This is not unlike the cracking, in their early days, of remotely operated car keys. Initially, there were attacks using RF scanners to capture and then retransmit the same radio signal. A later attack, against a more sophisticated car-key approach relied on cracking encryption that was insufficiently strong. This made vulnerable, vehicles left for long periods in airport carparks, etc.

    On the issue of cryptographic strength of function, it will (at least in my opinion and with computer advances), eventually become practical to decrypt systems based on encryption by low-cost, low-power consumption processors (hence with low computational effort for encryption) of the sort suitable for stand-alone card-based system. This is unavoidable except by deciding on an adequately short lifetime for such systems (which is expensive) or by use of on-line checks, which offers greater scope for secure operation, though is also more complicated and more expensive.

    Secondly, and very importantly, there is the use of radio communications (commonly referred to as RFID) between the card and the terminal that is interrogating it.

    The problem here is that there is no good way for a typical user to protect against covert access to an RFID card (as happens in the particular reported case). At least with contact communications with the card (as with current chip-based UK bank cards) a careful cardholder is able to know every occasion on which the card could have been accessed, and to limit accesses to those necessary for their own authorised transactions.

    As far as I can see, the only advantage of RFID is some combination of longer-life cards (through less contact wear and tear), or lower-cost cards. However, our banks view as cost-effective the chipped contact bank cards that we currently have, so I’m very puzzled as to why RFID is used on cards where the benefits of a successful attack (e.g. access to supposedly secure government and private sites, more cloned passports) are greater than the typical financial loss from compromised bank cards.

    In summary, RFID greatly increases the opportunities for compromise. Also, such attacks, unlike with contact cards, provide no audit trail whatsoever as to where and when (and so possibly by whom) the card was compromised. Any benefits of RFID, in many or most cases, do not compensate well for the increased risk of compromise.

    Best regards
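The first problem described in the comment above (data captured from one read being enough to be reused on another occasion) is a replay weakness, and the standard reader-side countermeasure is a fresh challenge per session. The following is an added illustration, not code from the post, its commenters, or the Mifare system: a toy card that returns a fixed identifier is compared with a toy card that answers an HMAC over a reader-issued nonce, and a recorded response is fed back into a later session against each reader. The card identifiers, the per-card key, the HMAC-SHA256 construction and the 16-byte nonce are all assumptions made for the demo. It also shows the failure mode in which a challenge-response reader reuses its nonce, which makes it just as replayable as the static card.

```python
import hashlib
import hmac
import secrets

# Constructed per-card secrets for the demo; not real keys or real card data.
UID_LEN = 9
KEY_DB = {
    b"CARD-0001": bytes.fromhex("00112233445566778899aabbccddeeff"),
}


class StaticCard:
    """Card that transmits the same bytes on every read, whatever the reader sends."""

    def __init__(self, uid: bytes):
        self.uid = uid

    def respond(self, challenge: bytes) -> bytes:
        return self.uid  # the challenge is ignored, so the answer never changes


class ChallengeResponseCard:
    """Card holding a per-card secret; it answers uid || HMAC(key, challenge)."""

    def __init__(self, uid: bytes, key: bytes):
        self.uid = uid
        self.key = key

    def respond(self, challenge: bytes) -> bytes:
        tag = hmac.new(self.key, challenge, hashlib.sha256).digest()
        return self.uid + tag


class StaticReader:
    """Reader that only checks the transmitted identifier is on its list."""

    def challenge(self) -> bytes:
        return b""  # nothing session-specific is ever sent to the card

    def verify(self, challenge: bytes, response: bytes) -> bool:
        return response in KEY_DB


class ChallengeReader:
    """Reader that issues a nonce and checks the card's HMAC over it."""

    def __init__(self, fresh_nonce: bool = True):
        self.fresh_nonce = fresh_nonce
        self._fixed = b"\x00" * 16  # a reader that reuses its nonce is replayable

    def challenge(self) -> bytes:
        return secrets.token_bytes(16) if self.fresh_nonce else self._fixed

    def verify(self, challenge: bytes, response: bytes) -> bool:
        uid, tag = response[:UID_LEN], response[UID_LEN:]
        key = KEY_DB.get(uid)
        if key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        # Constant-time comparison so the reader does not leak tag bytes via timing.
        return hmac.compare_digest(expected, tag)


def replay_demo(card, reader):
    """Run a genuine session, record it, then replay the recorded response later.

    Returns (genuine_accepted, replay_accepted)."""
    # Session 1: legitimate read; an eavesdropper records the response bytes.
    c1 = reader.challenge()
    recorded = card.respond(c1)
    genuine_ok = reader.verify(c1, recorded)
    # Session 2: the card is absent; only the recorded bytes are presented.
    c2 = reader.challenge()
    replay_ok = reader.verify(c2, recorded)
    return genuine_ok, replay_ok


def run_all():
    """Three configurations: static card, challenge-response, and reused nonce."""
    uid = b"CARD-0001"
    return {
        "static": replay_demo(StaticCard(uid), StaticReader()),
        "challenge_fresh": replay_demo(ChallengeResponseCard(uid, KEY_DB[uid]),
                                       ChallengeReader(fresh_nonce=True)),
        "challenge_reused": replay_demo(ChallengeResponseCard(uid, KEY_DB[uid]),
                                        ChallengeReader(fresh_nonce=False)),
    }


if __name__ == "__main__":
    for name, (genuine, replay) in run_all().items():
        print(f"{name:17s} genuine={genuine} replay={replay}")
```

The point of the third configuration is that challenge-response only helps when the challenge actually changes: a reader with a predictable or repeated nonce hands an eavesdropper exactly the reusable record the static card does. The `verify` method is also the natural place for a reader to write the audit entry (time, reader, presented identifier, outcome) that the comment notes contact cards give and covert radio reads do not.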

  4. In a security scenario, any competent defender performs a cost benefit analysis. When you own a home, you judge whether secure locks on the windows are sufficient defence or whether you need to install an intruder detection system.

    Similarly, those companies who have bought Mifare technology should have performed the same analysis. The technology is secure enough for travel cards at the moment, but if somebody comes up with a commercial cloning operation, it will need to be abandoned. The technology is clearly inadequate for controlling building access; allowing intruders into a government office is a different cost to letting somebody ride for free on the bus.

    But I still don’t think that the failure of a commercial security card operation is a sufficient argument to fight against ID cards. Those who favour ID cards will just say “but we’ll get it right”.

    ID cards are misnamed; they are “get out of gaol” cards. As soon as trust of identity via a plastic card is widely accepted, that card will be abused. And, of course, there will be fake ID cards — just as there are no illegal searches of police databases.

    We should challenge ID cards on the central issue, which is misuse and abuse. Technology is a secondary issue.

  5. ID cards that require cryptographic protection are intrinsically insecure. The benefit to a crook from cloning or forging an ID card is huge; the cost is non-negligible, but much, much lower.

    You can put in place all the fancy-schmancy cryptosystems you want, but even then you are not immune to someone actually physically reverse-engineering the card. The keys have to reside somewhere, and a sophisticated attacker, for example one with access to a university-level chip fab facility, can attack the card directly. Cards have been cracked by milling the encapsulation off a chip and directly probing its operation. There are other techniques, like slow-clocking the chip at a supply voltage below its rating, which have been used to leak details of the key. When you have a card that is touted as being such a comprehensive solution to ID, the sums that an attacker would be economically justified in spending are concomitantly large. I would expect that organised crime gangs, especially from Eastern Europe, already have teams in place ready to attack the cards as soon as they are released. No doubt there are also attempts at infiltration being made. Can we guarantee that everyone with access to the system is not a mobster, or in the pay of mobsters? Of course not.

