Government ID, Smart Cards, Identification and Authentication

Episode 8: Interview with Mifare hacker Karsten Nohl

Wednesday, April 2, 2008

Evaluating the reality of the hack from his perspective and industry insiders

In this episode, the publicized Mifare Crypto-1 hack is examined. Interviews with the researcher who uncovered the alleged vulnerability, Karsten Nohl, as well as NXP representative Manuel Albers and Smart Card Alliance’s Randy Vanderhoof, delve into the topic from all sides.

Albers reports that between 1 and 2 billion of these chips have been issued to date and are in use in transit systems and security and access applications.

Nohl stated that he would wait until next year to make the complete nature of the attack public, suggesting “if you are relying on Mifare security, you should start migrating.” When asked if the intent was to give the issuers time to migrate or if he was holding the industry ransom, he replied, “I would acknowledge that we are playing along in the obscurity game … we want every one of these systems to wake up and realize how insecure they are … to convince the last ones that are still claiming we have not found it, we will have to release it.”



See http://www.secureidnews.com/podcasts for older podcasts.


Karsten Nohl and Henryk Plötz present at 24C3

Karsten’s slides (pdf)

Henryk’s slides (pdf)


viaForensics revealed some interesting information about Google Wallet. While the system is generally viewed as secure, it still leaves some personal data unencrypted. Regarding ID’s Gina Jordan spoke with Andrew Hoog, chief investigative officer at viaForensics, about the analysis the company did on the system. While Google made some changes to the software after the report was released, Hoog says more needs to be done. “There was a lot of information left on the device,” he says. “If somebody was trying to take over an identity, they could use this information to either pose as you or call you and act like they’re the credit card company and try to get you to release the additional information,” he adds.


Using smart phones for online banking and shopping has been promoted as the next big thing, but adoption has been slow, partly due to the fact that smart phones have security issues. Scientific American reports that this might change with the development of quantum cryptography.


NXP Semiconductors announced that its MIFARE DESFire EV1 platform has been selected to manage the automated fare collection of the newly opened metro in the Indian city of Bengaluru, formerly known as Bangalore.


With near field communication on the horizon and more handsets hitting the market that include the technology, what about the mobile wallet? The software that enables the chip on the phone to perform various tasks is necessary for anything to happen in the NFC ecosystem. The Mobey Forum released a white paper that examines the mobile wallet, what it is and what it does. Gerhard Romen, member of the board of directors at the Mobey Forum and director of Mobile Financial Services at Nokia, discusses the report and why the mobile wallet is more than just payments. Romen also gives his take on Verizon’s decision not to enable Google Wallet in the new Samsung handsets in favor of its soon-to-be-released ISIS.


Visa made waves in August when it unveiled a road map to move the U.S. to EMV and then again in January when the company said that the country’s deployment wouldn’t be chip and PIN. Stephanie Ericksen, head of Authentication Product Integration at Visa USA, talks to Regarding ID’s Gina Jordan about the move and why the U.S. will have a different solution than what others typically associate with EMV. “One thing that we’re trying to clarify is there are many countries around the world that have adopted EMV chip technology, but it’s not chip and PIN,” Ericksen says.


Idesco announced that it has updated and enhanced its DESCoder software package, offering security providers and end users alike more control over their contactless access control systems.
