Electronics Production | April 02, 2008
NXP RFID encryption cracked
The Chaos Computer Club and the University of Virginia have cracked the encryption scheme of NXPs popular Mifare Classic RFID chip.
The device is used in many contactless smartcard applications, such as loyalty cards and access control cards. According to a report in Süddeutsche Zeitung, CCC and experts at the University of Virgina were able to crack the encoding scheme with little effort. This will enable the crackers to read out data, recharge payment cards, copy RFID cards or generate "new" users. The Mifare Classic chips are a big-seller since it first entered the market in mid-nineties. This means that the 48-bit encoding scheme does not match requirements. However, NXP sees no necessity to modify the encryption. "We will inform our customers about the incident", a spokesperson of the company said. But it is the decision of the system integrator or customer if he will continue to rely on the Mifare Classic." The spokesperson also pointed out that the Mifare Classic is not used in security-critical applications such as passports or electronic health cards.