Hacking RFID Billing Schemes For Fun and Free Rides presented at ekoparty 2014

by Marcio Almeida Macedo

Summary: The MIFARE Classic is one of the most widely used contactless cards in the world. It was created by NXP Semiconductors and uses RFID communication. Industry has used this card in access control systems deployed in buildings, as well as in public transportation as a ticket replacement. In 2008, two groups of researchers, working almost independently, reverse engineered the card's communication protocol and the Crypto-1 cipher, uncovering several security weaknesses that have jeopardized the card's reputation. As a consequence, malicious users might clone this card in a couple of seconds. Since then, the MIFARE Classic has been highly exposed in the media. In addition, other forms of attack have been researched, since numerous important systems still use this undermined technology. This talk presents the card's features, the main types of attack, and workarounds to control them while keeping the system as secure as possible. As a proof of concept, we will show how to dump and clone old SUBE cards that still work on the Buenos Aires subway and bus transportation services.