Government ID, Smart Cards, Identification and Authentication

Episode 8: Interview with Mifare hacker Karsten Nohl

Wednesday, April 2, 2008

Evaluating the reality of the hack from his perspective and industry insiders

In this episode, the publicized Mifare Crypto-1 hack is examined. Interviews with the researcher that uncoverd the alleged vulnerability, Karsten Nohl, as well as NXP representative Manuel Albers and Smart Card Alliance’s Randy Vanderhoof delve into the topic from all sides.

Albers reports that between 1 and 2 billion of these chips have been issued to date and are in use in transit systems and security and access applications.

Nohl stated that he would wait until next year to make the complete nature of attack public, suggesting “if you are relying on Mifare security, you should start migrating.” When asked if the intent was to give the issuers time to migrate or if he was holding the industry ransom, he replied, “I would acknowledge that we are playing along in the obscurity game … we want every one of these systems to wake up and realize how insecure they are … to convince the last ones that are still claiming we have not found it, we will have to release it.”


Download MP3.

http://www.secureidnews.com/podcasts for older podcasts.

Karsten Nohl and Henryk Plötz present at 24C3

Karsten’s slides (pdf)

Henryk’s slides (pdf)

 [end] 

Related Articles
Episode 95: Identity with high profile events

Large, high profile events, like the London 2012 Olympics, need to be secure while also enabling individuals to get where they need to go without too much of a security hassle. Mark Joynes, director of Product Management at Entrust, explains how security and identity plans for these events are created. He also discusses Entrust’s involvement with the Interpol employee credentials that is used for crossing borders as well as physical and logical access to Interpol facilities and networks.

read more »
Norway transit selects Arcontia for e-ticketing system

Arcontia Technology AB, a Swedish producer of contactless smart card readers and terminals, has won a contract for devices to be used by Norwegian public transport authority Ruter AS.

read more »
Charlie Card expands to the Heart of the Commonwealth

Worcester Regional Transit Authority (WRTA) will later this month introduce the MIFARE-based Charlie Card system to patrons in Central Massachusetts, according to a local news report.

read more »
Episode 93: How card manufacturers are preparing for NFC

Payment card manufacturers have a set way of doing things. With near field communication on the horizon it could be seen as a disruption to some in the industry. The Datacard Group partnered with DeviceFidelity Inc. to offer the company’s In2Pay suite of solutions that use microSD technology in smart phones for contactless payments. The end result is a mobile wallet customers can use at contactless point-of-sale terminals featuring debit, credit or prepaid accounts.

read more »
Episode 94: Prototype mobile ID app tested

When buying a six-pack of beer it makes sense that an individual confirms that they are at least 21-years-old. But when the consumer shows a clerk the government-issued ID they are giving up address, date of birth and other information as well. In a perfect world the clerk would only see the age.

read more »
NXP leads the contactless ticketing market, according to ABI Research

In ABI Research’s newest market study analysis, NXP Semiconductors has reportedly claimed the top spot in the contactless ticketing market with 74% of the market share.

read more »

Copyright © 2012, AVISIAN, Inc. All rights reserved.