If you hold a credit card issued in the past 18 months, or use a touchless keycard to open doors at your office, or ride the subway with a reusable fare card, chances are good that you have used a card or ticket with a tiny wireless security chip embedded in it.
A trio of young computer experts, including a student at the University of Virginia, recently demonstrated that the encryption used by over a billion such "smart cards" is much easier to break than previously thought.
Their research shows that a tech-savvy thief with only a personal computer and about $1,000 worth of readily available equipment could make fake access cards to gain entry into high-security areas, could produce counterfeit mass-transit fare cards, and could even gain entry to cars by cloning certain wireless car keys that can open or lock the car from 20 feet away by clicking a button. (In order to drive the car, the would-be thief would still need to defeat the mechanical ignition system.)
In order to prevent those with nefarious purposes from exploiting this security hole, the trio — including U.Va. graduate student Karsten Nohl — have not publicly disclosed the full details of how they defeated the wireless security. But their demonstration of the vulnerability of these widely used chips is a wake-up call to the millions of people already using these chips.
Security experts knew that it was feasible to break the encryption of this type of wireless chip, explained Nohl, but most assumed that doing so was difficult enough to make the chips unprofitable to attack. Companies that break such encryption for legitimate purposes (such as checking chip designs for patent infringement) would charge from $100,000 to $500,000 and use esoteric (and expensive) research laboratory equipment — a high threshold for stealing information from a wireless computer chip that is about the size of a grain of sand and costs less than a dollar.
