Student Decodes Security Devices

March 2nd, 2008  
Team Infidel

Topic: Student Decodes Security Devices

Washington Times
March 2, 2008
Pg. 7

CHARLOTTESVILLE (AP) An encryption code used to protect billions of credit cards, subway passes and security badges is safe no more.
A University of Virginia graduate student and two fellow hackers say they have cracked the code used for tiny chips found inside many "smart cards" with readily available equipment that cost less than $1,000.
Karsten Nohl, 26, and his two German partners dismantled the chip and mapped out its secret security algorithm. They ran the formula through a computer program and broke the encryption after a few hours.
"I don't want to help attackers, but I want to inform people about the vulnerabilities of these cards," said Mr. Nohl, a doctorate candidate in computer engineering at UVa. who is originally from Germany.
The wireless chips found inside credit cards, car keys, security keycards and subway passes use technology known as radio-frequency identification. Cracking the code would allow a criminal to clone credit cards, get free subway rides, gain access to buildings or steal cars.
Mr. Nohl and his colleagues announced their findings at the Chaos Communications Congress in Berlin, an annual worldwide convention of hackers.
Though they are not releasing the details of how they beat the chip's security code, Mr. Nohl said if they could defeat the code, it is possible that criminals might also have done so.
The chip Mr. Nohl breached is manufactured by NXP Semiconductors, a Netherlands company formerly affiliated with the electronics firm Philips.
Manuel Albers, director of regional marketing for North and South America for NXP, disputed the claim, saying Mr. Nohl and his partners obtained only a portion of the cryptographic algorithm.
The company has been in contact with Mr. Nohl and his team and is reviewing their findings.
"We constantly improve and review our products to make sure it's up to snuff with the latest security threats," Mr. Albers said.
Projects such as hacking the security code is the "evil twin" of Mr. Nohl's regular research, he said, which focuses on the development of cryptographic algorithms for computer security.
Exposing security flaws through hacking helps ensure that future products are more secure, said Mr. Nohl's faculty adviser, David Evans, an associate professor in UVa.'s School of Engineering and Applied Science.

Similar Topics
Backlogged Security Clearances Plague DoD, Contractors, But OPM Sees Progress
Iran's Friendly Audience
U.S. Rushes To Smooth Iraq's Anger Over Blackwater
Bill Ties Climate To National Security
Al Gore Inadvertently Breaches Airport Security