Mifare hacked again

Mainstream Information Security news lines [http://bit.ly/pDaXpN]  were reporting another physical security attack against one of the most popular access card services, Mifare, which is still remembered by some for the 2008 attack on the Mifare Classic.  The Mifare DESFire card technologies are used across the world by businesses, governments, and residential consumers for protecting everything from garage door openers to critical infrastructure.

The attack requires a malicious person to acquire the physical card for around 7 hours to obtain the card’s secret key.  Once obtained, an attacker can assume the digital identity of individuals who use the card to authenticate/authorize their access. The atack highlights the reality that any physical devices can be cracked given enough time and cleverness.

When granting access to sensitive assets it is best to rely on multi-factor controls (something you have: the card; plus something you know: PIN or passphrase).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s