Monday, 23 July 2012

Why Use a Fully Encrypted Card Access Solution – FeliCa - Sony Make.believe

Cards such as Mifare and FeliCa, have an unique manufactures code (CSN) which until recently was adequate for normal level of access control. The CSN number is part of the manufacturing process and it used to requires a high skill level and very expensive equipment to clone chips with a specific number.

It has been possible for a while to read the card data and retransmit this, but this was again limited to a small number of experts with very specific knowledge about the card technologies.  For those applications where the security level had to be higher, encrypted cards have normally been specified.

With the success of the Internet, information sharing has totally changed. Protocols and details are available on line to any one, which already makes it easier for hackers to access.  

There are a few hacker organisations we are aware of and they publish details on how to hack the HID IClass, Mifare and many other types. This was still more of a development community and not easy to do for non experts. 

This has changed and now you can buy ready made equipment which can read the CSN of Mifare, FeliCa, HID and others. The data can then be easily retransmitted. This equipment can be bought ready made on line by anyone.

With the equipment you can easily read someone's card unnoticed (for example, in a lift) and then walk over to any door and retransmit to gain access.

An example of this equipment is available at: 
The trend in using just the CSN can cause big embarrassment for large corporate companies, if security was breached this way and was released in the public domain.

Security levels of cards and readers are becoming increasingly important because of the above statement.

An example of an encrypted Mifare card hacked is on YouTube. are a few examples on the Internet of this.

FeliCa” has not been known to have been hacked and would be outside the scope of most people ability, if this was ever achievable due to the high levels of encryption."

Robert De'Antiquis

No comments:

Post a Comment