Hacking RFID Billing Schemes For Fun and Free Rides
The MIFARE Classic is one of the most widely used contactless cards in the world. It was created by NXP Semiconductors and uses RFID communication. Industry has used this card in access control systems deployed in buildings, as well as in public transportation as a ticket replacement. In 2008, two groups of researchers, working almost independently, reverse engineered the card's communication protocol and the Crypto-1 cipher, uncovering several security weaknesses that damaged the card's reputation. As a consequence, malicious users might clone this card in a couple of seconds. Since then, the MIFARE Classic has been highly exposed in the media. In addition, other forms of attack have been researched, since numerous important systems still use this undermined technology. This talk presents the card's features, the main types of attack, and workarounds to control them while keeping the system as secure as possible. As a proof of concept, we will show how to dump and clone old SUBE cards that still work on the Buenos Aires subway and bus transportation services.
Marcio Almeida is an Application Security Consultant. He has a Master's degree (UFPE) focusing on Web Application Security and has more than seven years of experience hacking stuff in app & net penetration tests. Marcio is also a Crypto Geek, E-Music Lover and a little bit crazy (who isn't?! :-P). He has previously spoken at Alligator Security Conference (2012 and 2013), You Sh0t the Sheriff (2014) and PasswordsCon Las Vegas (2014).