MIFARE Classic - EVERYTHING: Carders already know how to get access to your cards

The Crypto-1 encryption algorithm has not stood the test of time.

In July 2024, cybersecurity experts discovered a new vulnerability in MIFARE Classic contactless card technology, which is widely used in transport systems, access systems and other critical areas. This technology has long attracted the attention of both researchers and attackers, but recent discoveries have shown that the vulnerability may be more serious than previously thought.

Researchers from the French company Quarkslab conducted a detailed analysis of the Crypto-1 encryption algorithm, which is used in MIFARE Classic cards to protect data. This algorithm was developed in the 1990s and has been considered obsolete for several years, but it is still widely used. New attack methods, such as improved brute-force and side-channel attacks, make it much easier for attackers to break through the defenses and clone cards.

In particular, experts found that an attack on one of the weaknesses of the Crypto-1 algorithm allows the encryption key to be calculated quickly, which gives attackers access to all the data stored on the card. Using special hardware and software tools, such as Proxmark3, attackers can clone the card in just a few minutes.

This situation is a serious concern for organizations that depend on the use of MIFARE Classic cards for security. These organizations include transportation systems in major cities, universities, commercial companies, and even government agencies.

Experts strongly recommend that all users of this technology consider switching as soon as possible to more modern solutions, such as MIFARE DESFire, which use more reliable encryption algorithms, for example AES (Advanced Encryption Standard).

In addition, experts note that the problem affects not only access systems, but also other areas where MIFARE Classic cards are used, such as payment, identification and control systems. Companies that use outdated cards may face serious financial and reputational risks if their systems are compromised.

In this regard, many companies and organizations have started an urgent review of their security systems. Some of them have already begun to gradually upgrade their infrastructure, which will require significant costs but will avoid more serious problems in the long run.

The researchers also emphasize that the use of outdated technologies in critical security systems is unacceptable in today's conditions, when cyber threats are becoming more sophisticated. To ensure security and prevent possible attacks, it is necessary to switch to modern technologies that can provide a high level of data protection.

Researcher Philippe Teuwen of Quarkslab found hardware backdoors in RFID key cards produced by Shanghai Fudan Microelectronics, a large Chinese company.

The vulnerabilities allow attackers to clone vulnerable smart cards created using NXP's MIFARE Classic chips in minutes and gain access to protected areas.

The chips have been on the market since 1994 and have been widely used over the past decades to create smart cards and access keys in hotels, banks, government buildings, factories and many other facilities.

Over such a long time on the market, researchers have found several ways to break their encryption and clone MIFARE-based cards, as in the case of the Darkside, Nested Authentication, Hardnested and Static Nested attacks.

Over the years, manufacturers have developed improved versions of their smart cards designed to improve security and prevent some of the detected attacks.

The two most popular card designs are the FM11RF08 and FM11RF08S variants, where the S stands for "enhanced security version."

However, an article published by Quarkslab claims that while investigating the FM11RF08S card, a new secret backdoor built into Fudan cards was discovered.

It was uncovered by checking the card's command set, which revealed that the card was responding to undocumented instructions within a certain range.

Apparently, all FM11RF08S cards implement a backdoor authentication command with a single key shared across the entire production run, which the researchers were able to extract: for Fudan FM11RF08S cards it is A396EFA4E24F.

Continuing his research, Philippe Teuwen also discovered a similar universal authentication key for the older FM11RF08 cards: A31667A8CEC1.

In addition, it turned out that the flaws extend to many other Fudan card models, such as the FM11RF32 and FM1208-10, as well as to Infineon and NXP cards, which is likely due to borrowing of technology from the Chinese company.

According to Teuwen, the vulnerability appears to have existed since 2007, which means that many cards and passkeys from the past 17 years can be cloned in a matter of seconds.