01 September 2024

RFID Cards Used for Secure Access to Everything (Including US Military Sites) Are Compromised

And have been compromised at least since 2007.

Risky Biz News: Hardware backdoors found in Chinese key cards

A security researcher has discovered secret hardware backdoors in RFID key cards manufactured by a major Chinese company.

This is a longstanding supply-chain hack from China. These chips are used for key cards for everything from hotel rooms to military installations.

The chips have been around since the mid-1990s.

According to Teuwen, the backdoor seems to go back as far as 2007, meaning that many access key cards distributed over the past 17 years can likely be cloned with physical access within seconds.

As it was pointed out in a previous paragraph, RF access cards based on MIFARE Classic were already considered insecure for a long time, but that was due to design errors and not a backdoor. Attackers would still have to waste minutes and physical resources to crack and dump a card's data in order to clone access keys configured on it.

An intentional backdoor puts these cards into a whole new threat matrix cell.

The keys that can be used to break these cards have been published at the link above. This basically means that if someone cares, they can duplicate your hotel room key, the RFID pass used at work, and any number of other things.

We trust supply chains. But as this backdoor indicates, we probably should not trust them.
