In a significant revelation, cybersecurity experts have identified a hardware backdoor embedded within a specific model of MIFARE Classic contactless cards, widely used in hotels and office buildings across the globe. This backdoor, which could enable unauthorized access through unknown keys, poses a severe threat to the integrity of secure facilities.
The vulnerability, discovered in the FM11RF08S variant of MIFARE Classic cards, was first introduced by Shanghai Fudan Microelectronics in 2020. According to Philippe Teuwen, a researcher at Quarkslab, the backdoor could allow an attacker with knowledge of its existence to compromise all user-defined keys on these cards, regardless of how diversified they may be. Alarmingly, this compromise can occur within minutes of accessing the card.
The Depth of the Compromise: A Legacy of Vulnerabilities
Further investigations revealed that this is not an isolated issue. A similar backdoor has been discovered in the previous generation of these cards, the FM11RF08, which dates back to November 2007. This backdoor is protected by another key, raising concerns about the long-term security of facilities relying on these cards.
The attack method involves an optimized approach to partially reverse-engineering the nonce generation mechanism, which can accelerate the key-cracking process by five to six times. Such efficiency not only amplifies the risk but also underscores the sophistication of the vulnerability.
The Implications: Instantaneous Cloning and Widespread Risk
This backdoor vulnerability facilitates the instantaneous cloning of RFID smart cards, which are commonly employed to secure access to office doors and hotel rooms worldwide. The attack, though requiring a few minutes of physical proximity to the targeted card, could be executed on a much larger scale if an attacker were to infiltrate the supply chain.
The global reach of this threat is further emphasized by the widespread use of these cards in hotels across the United States, Europe, and India. Consumers and businesses alike are urged to evaluate their security systems to determine if they are at risk from this vulnerability.
A Recurring Issue: Security Failures in Locking Systems
This revelation is part of a broader pattern of security failures in electronic locking systems. Earlier this year, in March, severe flaws were identified in Dormakaba’s Saflok electronic RFID locks, which could have been exploited by malicious actors to forge keycards and gain unauthorized access.
The discovery of these vulnerabilities highlights the critical need for continuous evaluation and improvement of security measures, particularly in industries where physical access control is paramount. The existence of hardware backdoors in widely used security devices serves as a stark reminder that the integrity of secure facilities is only as strong as the technology that underpins them.
Protecting Your Organization: Steps to Mitigate the Risk
Given the severity of the threat posed by the FM11RF08S backdoor, it is imperative for organizations to take proactive steps to protect their facilities. This includes conducting thorough audits of existing security systems, replacing compromised RFID cards with more secure alternatives, and engaging in regular security assessments to identify and mitigate potential vulnerabilities.
As the cybersecurity landscape continues to evolve, staying informed about emerging threats and implementing robust security protocols is essential to safeguarding your organization’s assets and reputation.