Cryptography is no longer protecting smartcards

October 28, 2008 - 9:40am | Fraud | News |

| More

[img_assist|nid=10924|title=|desc=|link=none|align=left|width=100|height=78]The cryptography on a chip used in travel smartcards, including in London's Oyster card, was found to be exposed to cracks. A researcher known as ‘Bla’ claims that he created exploit code to crack the cryptography on smartcards which use NXP's Mifare Classic chip, such as the Oyster card and the Dutch OV-Chipkaart.

The researcher is developing the open-source software on the Google Code platform. His exploit code, entitled 'Crapto-1', attempts to leverage NXP's proprietary Crypto1 algorithm that was mathematically explained by the Dutch researchers from Radboud University in Nijmegen, who published their work with description of possible attack methods earlier this month.

According to Bla the code is based on the cryptography needed to decrypt captured communications between Crypto1-based RFID tags and card readers. Thus, he claims that the code can "even recover the shared secret" used to verify the cryptographic process. Lately, Dutch freelance security journalist Brenno de Winter stated that he had "verified the code", saying the code was working.

Subscribe to Ecommerce Journal RSS feed

Tags keywords: crack | Crypto1 | cryptography | Oyster card

0 points

Share this story

What are these?

Comments on Cryptography is no longer protecting smartcards

Similar Articles on Ecommerce Journal by sections

eMarketer research: E-commerce brings down

eMarketer’s report: Slower But Still Steady Growth!

eMarketer reports the growth of e-commerce in Brazil

Man can be killed at work by his own negative emotions

Small businesses incline towards electronic payments

PAYMENT SYSTEMS

First Data's Unified Network Payment Solutions Certified for Chip

Protection code for Yandex.Money payments

E-tranzact introduces its innovative technologies

Preparations for a new payments system start-up in UK

AlertPay unveils new banking features for some users

Account holders are threatened by adverse new code

Bank of America protects transactions with a new card

Are ATMs in danger?

Wells Fargo is offering safe document storage

NFC phones – expensive mobile wallets

Unsecured cryptographic keys

MasterCard will protect chip-based payment products with Cryptography Research

Want to hack Oyster cards? Easily! Just read the instructions on the Internet

Age of password generating plastic cards

Credit card holders encounter high fees in Australia

ECOMMERCE-CHECKED

StrictPay, let’s strictly look at it (part 2)

Network Pay. A network of payment options

BilltoBill – an outsourced payment service for Chinese merchants

Cashvouchers: make your Ukash vouchers work as an ecurrency

Accucom’s SafeID protects identity in e-commerce

INVESTMENT INDUSTRY

Hedge funds prefer to declassify their business than regulation

Dailysurfads turned to deadsurfads

Hyips design - trust or not at first sight?

“We want regulation of hedge funds,” Nicolas Sarkozy

1dailyfunds forget this fund

Cryptography is no longer protecting smartcards

Encryption code as a TOP-security level? Forget it!

ZeuS botnet toolkit is being sold on online forums

Microsoft's IIS 6 Web-server software admits hackers to servers

Would disposable credit cards abolish the online fraud?

Any Internet browser exposes your personal data: online privacy is a myth now!

Credit card debts are more important for US consumers than mortgage debts

How to choose a proper password to defend your money?

WaMu Launches Paperless Checking Account Openings on the Web

DNS system is insecure and "can stop any time”? Storm in the cup of tea?

Apple’s ignoring Mac security bug makes a hacker warn users

Meet MeeGo! Intel and Nokia launch first code of a Google Android rival

Most of open source applications for Android and iOS violate the license

Chip and PIN for Whitbread group

Secure authentication tool for mobile and online banking

Calculating education costs with a special device

More questions answered: exclusive interview with Cliff Hopkins of PayPal

Ulysse Hottier from Allopass: "Our plans are to cover new countries..."

Firoz Patel: "AlertPay is like the Fort Knox of payment systems."

WebMoney will be available on iPhone

Amendments to the Code of Banking Practice

Can encryption prevent the cybercrime?

Google faces a lawsuit by Oracle over copy-pasting Java code into Android OS

Online security concerns the nobility

Google is accused of trade secret theft and unjust enrichment

Affiliate with Ecommerce Journal
© 2006 eCommerce Journal, All materials copied should be followed by a back-link to http://ecommerce-journal.com/.
Ecommerce Journal - more about virtual economy|e-commerce news | articles | forex news | trading news | stocks news
| banks | payment systems | payment processors | plastic cards | e-currency exchange | investment | cyber fraud |
gambling news | poker news | casino news | betting news | news free-lance | jobs | CV | ecommerce law aspects |
economic news | trading news | e commerce interview | merchant news | e-commerce history | business news | internet news
Any violation will be reviewed as crime and will be reported to corresponding law authorities. News sitemap