Re: RFID credit cards cracked (yet again ...)

["Richard M. Smith" <rms () computerbytesman com>]

Related papers can be found here:

http://www.rfid-cusp.org/workshop/2008/post_workshop.html

RFID SECURITY WORKSHOP: FROM THEORY TO PRACTICE

January 23 & 24, 2008
Johns Hopkins University
Baltimore, MD

This small, informal workshop aims to give voice to the security needs of
intensive deployers of RFID in the pharmaceutical, medical, transportation,
consumer-payment, and retail industries. By representing a broad
cross-section of the RFID community, the workshop will look to shape the
research programs of technologists in the service of pressing, real-world
problems and to connect industrial RFID users with the scientists crafting
next-generation RFID systems. The workshop will include two days of invited
talks, panel discussions, and breakout sessions. The workshop will be off
the record for media attendees.

The workshop has been planned in conjunction with Vrije Universiteit
Amsterdam. A European companion workshop will take place Spring 2008 at the
Lorentz Center, Leiden, the Netherlands.

Richard

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah
Sent: Friday, February 29, 2008 2:53 PM
To: funsec () linuxbox org
Subject: [funsec] RFID credit cards cracked (yet again ...)

"I want to inform people about the vulnerabilities of these cards"

A University of Virginia graduate student and two fellow hackers say they
have 
cracked the encryption code that protects billions of credit cards and
security 
badges. With readily available equipment that cost less than $1,000, the
student 
and his two Germany-based partners dismantled a chip that is found inside
many 
"smartcards" and mapped out its security algorithm. The hackers were then
able 
to run it through a brute force computer program that broke the encryption
after 
a few hours. If they were to try again, he said, it would take a matter of
minutes. 
"I don't want to help attackers, but I want to inform people about the 
vulnerabilities of these cards," said the Ph.D. candidate in computer
engineering at 
UVa who is originally from Germany. The findings were announced at the Chaos

Communications Congress in Berlin. They are not releasing the details of how

they beat the chip's security code.  

http://www.dailyprogress.com/servlet/Satellite?pagename=CDP/MGArticle/CDP_Ba
sicArticle&c=MGArticle&cid=1173354778618  

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
Funny. I've never heard `Project Gutenberg' called `Yahoo' before
    - http://ars.userfriendly.org/cartoons/?id=20051004&mode=classic
http://victoria.tc.ca/techrev/rms.htm

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.