Monday, January 11, 2010

Smart Card White Hats are Successful Again

Karsten Nohl and Henryk Plötz, the team of researchers who initially pointed out security flaws in several early 13.56 smart cards, are once again proving their mettle by cloning the latest secure iteration of a card from Legic.

The team was able to intercept "secure" transmissions between a reader emulator and the cards, thus allowing them to generate more "master" cards and child cards which would allow access to buildings, payments, and authenticate user ID's.

13.56 MHz cards are readable by commercially available scanners. Some of which are fairly inexpensive, and are readily available to the public. While the benefits are great, the risks are inherent when dealing with contactless cards.

We say: Rest assured your 13.56 smart cards, like CAC, PIV, TWIC, and FRAC will be safe from attack when work inside a SkimSAFE badge holder. Just dock the card to protect it, and slide it slightly downward with one hand to present the card to access control readers. It's a small investment in your security. Read more...

No comments:

Card File