A hardware backdoor in millions of RFID smart cards made by a Chinese company and used to open hotel room and office doors enables bad actors to clone the cards instantly.
The contactless cards are made by Shanghai Fudan Microelectronics Group, a chip manufacturer in China whose cards implement MIFARE Classic, a technology developed and licensed by chip maker NXP Semiconductors. They are used not only in China but also by hotels in the United States, Europe, and India, according to a researcher with Paris-based cybersecurity firm Quarkslab.
Researcher Philippe Teuwen noted in a report that despite years of evidence that the MIFARE cards are security risks and have been the target of numerous attacks, they still remain widely used and continue to gain market share.
“By 2024, we all know MIFARE Classic is badly broken,” Teuwen wrote. “But the card remains very popular due to a certain level of business legacy and inertia, as migrating infrastructures remains costly.”
Shanghai Fudan Microelectronics – which makes unlicensed MIFARE-compatible chips – in 2020 released a new iteration of MIFARE Classic that included a specific countermeasure called “static encrypted nonce,” designed to thwart all known “card-only” attacks – those that require access to a card but not the corresponding card reader. The FM11RF08S card is gradually gaining market share around the world, Teuwen wrote.
The researcher was running security tests of the MIFARE Classic family of cards, which are widely deployed in public transportation and hospitality industries, when he detected the backdoor.
“This backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards without prior knowledge, simply by accessing the card for a few minutes,” he wrote.
In addition, an investigation of older MIFARE Classic cards uncovered another hardware backdoor common to several manufacturers.
In his tests of the FM11RF08S cards, Teuwen said he found an attack method that could crack the card’s sector keys in minutes when the keys are reused across at least three sectors or three cards. Using a fuzzing technique, he discovered the hardware backdoor that allows authentication with an unknown key. He cracked the secret key with the new attack method and found it was common to all FM11RF08S cards.
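As an added illustration (not code from the report or this article), a defender-side check for the key-reuse condition described above: it parses a MIFARE Classic 1K dump and flags any sector key used in three or more sectors. The dump contents and key values are constructed for the example; a real dump would come from a reader that already holds the card's keys, and, as the report notes, the FM11RF08S backdoor defeats even fully diversified keys, so this check only rates exposure to the key-reuse attack.

```python
"""Audit a MIFARE Classic 1K dump for sector-key reuse.

A 1K card has 16 sectors of 4 blocks (16 bytes each). Block 3 of each
sector is the trailer: key A (6 bytes), access bits (4 bytes), key B (6 bytes).
"""
from collections import defaultdict

BLOCK = 16
SECTORS = 16
BLOCKS_PER_SECTOR = 4
DUMP_SIZE = SECTORS * BLOCKS_PER_SECTOR * BLOCK  # 1024 bytes


def parse_trailers(dump):
    """Return {sector: (key_a, key_b)} from a raw 1024-byte dump."""
    if len(dump) != DUMP_SIZE:
        raise ValueError("expected a 1024-byte MIFARE Classic 1K dump")
    trailers = {}
    for s in range(SECTORS):
        off = (s * BLOCKS_PER_SECTOR + 3) * BLOCK  # trailer block offset
        t = dump[off:off + BLOCK]
        trailers[s] = (bytes(t[0:6]), bytes(t[10:16]))
    return trailers


def find_reused_keys(trailers, threshold=3):
    """Return {key_hex: [sectors]} for every key protecting >= threshold sectors."""
    uses = defaultdict(set)
    for s, (key_a, key_b) in trailers.items():
        uses[key_a].add(s)
        uses[key_b].add(s)
    return {k.hex(): sorted(v) for k, v in uses.items() if len(v) >= threshold}


def build_demo_dump():
    """Constructed dump: sectors 0-2 share one key A, everything else is diversified."""
    dump = bytearray(DUMP_SIZE)
    shared = bytes.fromhex("a0a1a2a3a4a5")  # constructed key value
    for s in range(SECTORS):
        key_a = shared if s < 3 else bytes([0x10 + s] * 6)
        key_b = bytes([0xB0 + s] * 6)
        off = (s * BLOCKS_PER_SECTOR + 3) * BLOCK
        dump[off:off + 6] = key_a
        dump[off + 6:off + 10] = bytes.fromhex("ff078069")  # sample access bits
        dump[off + 10:off + 16] = key_b
    return bytes(dump)


if __name__ == "__main__":
    for key, sectors in find_reused_keys(parse_trailers(build_demo_dump())).items():
        print(f"key {key} reused in sectors {sectors}: exposed to the key-reuse attack")
```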
“We designed several other attacks leveraging the backdoor to crack all the keys of any card in a few minutes, without the need to know any initial key (besides the backdoor one),” Quarkslab researchers wrote in a summary of the report. “The optimized versions of these attacks required a successful partial reverse-engineering of the internal nonce generation mechanism of these cards in black-box mode. We demonstrated how these attacks could be executed instantaneously by an entity in a position to carry out a supply chain attack.”
“What the researchers are talking about is that a supply chain attack can occur when vendors implement the MIFARE, then a threat actor compromises the chain by removing the need to process the first stage of authentication in these cards,” said Mayuresh Dani, manager of security research with Qualys’ threat research unit. “When the cards are delivered to customers, the attacker is now able to access the assets they are supposed to protect.”
Jason Soroko, senior vice president of product at cybersecurity company Sectigo, said a supply chain attack could happen by inserting compromised chips into card readers or cloning cards during production or distribution.
“Attackers could mass-produce cloned cards or alter the chips’ firmware, allowing widespread, undetectable breaches at scale,” Soroko said. “This could lead to massive, coordinated attacks on multiple facilities, with severe consequences for both security and business operations.”
A similar backdoor was found in the previous generation of MIFARE Classic cards, the FM11RF08, that was protected by another key. Teuwen cracked the second key and found it was in all FM11RF08 cards as well as other Shanghai Fudan Microelectronics references, including at least the FM11RF32 and FM1208-10, as well as older cards from NXP (MF1ICS5003 and MF1ICS5004) and Infineon (SLE66R35).
Existing attacks can be adapted to leverage the second backdoor key to accelerate them, the Quarkslab researchers wrote.
“The FM11RF08S backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards, even when fully diversified, simply by accessing the card for a few minutes,” they wrote. “It is important to remember that the MIFARE Classic protocol is intrinsically broken, regardless of the card. It will always be possible to recover the keys if an attacker has access to the corresponding reader. There are many more robust alternatives on the market (but we cannot guarantee the absence of hardware backdoors…).”
Quarkslab’s discovery is significant, Sectigo’s Soroko said.
“The ability to clone MIFARE Classic cards in minutes through a backdoor opens doors – literally and figuratively – for unauthorized access, leading to potential breaches in office buildings and hotels. This backdoor can facilitate physical access to restricted areas, compromising both security and privacy,” he said.
Quarkslab said users should check their infrastructures and assess the risks posed by the cards. Many are likely unaware that the MIFARE Classic cards from their suppliers are FM11RF08 or FM11RF08S, given how many are on the market and that they are not limited to China.