The system can easily be spoofed, because all issued cards carry identical secret
keys. Hence, once the secret keys of one card have been recovered, the content
of any card in the system can be read out or modified. The authors were able to
carry out payments by copying the content of original payment cards to blank
Mifare Classic cards. The cards obtained in this way are not exact clones, since the UIDs
of the blank cards differ from those of the genuine ones, as detailed in
Sect. 4.1. Consequently, the fraud could easily be detected in the back-end by
verifying the UID of a card on each payment.
The authors of [16] mention that a device able to fully clone a card, including
its UID, would allow devastating attacks, but suppose that such devices, if
available at all, would be very costly, so that buying and using them for
micropayments would not be profitable. With the hardware we developed, the
presence of an arbitrary valid card, e.g., an exact clone including the UID, can
be simulated with minimal effort and cost, as shown in the following.
5.2 Electronically Spoofing a Contactless Payment System
A powerful type of attack that can be conducted with the Chameleon is called
state restoration. Even if the credit value were stored in encrypted form on the payment
card, e.g., using AES with an individual key per card, the content can simply be
reset to the original credit value: the full content of the card is dumped before
paying, and the card (or, in our case, the card emulation device) is reprogrammed
with the previous content after the payment.
As a first step in conducting this attack, we extracted the secret keys using
the methods described in Sect. 3.1. Then we dumped the content of a genuine
card, including the UID, and copied it to our emulation device, thereby creating
an exact clone. Hiding the device in a wallet, we were then able to
carry out contactless payments. The credit value was stored in the EEPROM
of our emulator and was decreased according to the balance due. As a result, the
remaining credit displayed to the cashier appeared to be correct and our device
was accepted as genuine. The Chameleon allows the balance to be recharged to its
original value by restoring the initial dump when the attacker presses a push
button. Hence, unlimited payments could be carried out with our device. Our
practical tests furthermore showed that the Chameleon can open doors
when a valid employee card is cloned. However, if the fraud caused by
the state-restoration attack were detected in the long term, the card
number and/or the UID could be blacklisted and blocked for future payments.
For a more powerful attack, we programmed the Chameleon to generate a
new random UID and card number for each payment. In our practical tests with
the payment system, our emulator now appeared as a new card every time.
Again, we were able to carry out payments, but this time the device could not be
blacklisted and blocked in the back-end.
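To make the two attacks above concrete, here is an added model of the state-restoration attack and of its random-UID variant. It is constructed for this page and is not the authors' Chameleon firmware or the payment system's code. The card, terminal and back-end are toy classes; the sealed balance format (a hash-derived keystream plus an HMAC tag, standing in for the per-card AES the text posits), the single system-wide key (as in the real system, where all cards share the same secret keys), the maximum card credit and the back-end's "cumulative spend per UID" blacklisting rule are all assumptions.

```python
"""Toy model of the state-restoration attack (Sect. 5.2).

Constructed example, not the paper's code. Amounts are integer cents.
Assumptions: one system-wide key, a sealed-balance format of our own,
and a back-end that blacklists a UID once its cumulative spend exceeds
the largest credit a genuine card could ever have held.
"""
import hashlib
import hmac
import secrets

MAX_CARD_CREDIT = 5000  # assumed: largest balance a genuine card can hold


def seal(key: bytes, balance: int) -> bytes:
    """Encrypt-and-authenticate a balance: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(8)
    pad = hashlib.sha256(key + nonce).digest()[:4]
    ct = bytes(a ^ b for a, b in zip(balance.to_bytes(4, "big"), pad))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:8]
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> int:
    """Verify the tag and recover the balance; raises on tampering."""
    nonce, ct, tag = blob[:8], blob[8:12], blob[12:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(expect, tag):
        raise ValueError("bad tag")
    pad = hashlib.sha256(key + nonce).digest()[:4]
    return int.from_bytes(bytes(a ^ b for a, b in zip(ct, pad)), "big")


class Card:
    """A genuine card or an emulator: a UID plus a memory image."""

    def __init__(self, uid: bytes, memory: bytes):
        self.uid, self.memory = uid, memory

    def dump(self):
        return self.uid, self.memory          # snapshot, bytes are immutable

    def restore(self, image):
        self.uid, self.memory = image         # the "push button" on the Chameleon


class Backend:
    """Assumed fraud rule: blacklist a UID whose total spend is implausible."""

    def __init__(self):
        self.spent, self.blacklist = {}, set()

    def authorize(self, uid: bytes, amount: int) -> bool:
        if uid in self.blacklist:
            return False
        total = self.spent.get(uid, 0) + amount
        if total > MAX_CARD_CREDIT:
            self.blacklist.add(uid)
            return False
        self.spent[uid] = total
        return True


class Terminal:
    def __init__(self, key: bytes, backend: Backend):
        self.key, self.backend = key, backend

    def pay(self, card: Card, amount: int) -> bool:
        balance = unseal(self.key, card.memory)   # attacker never needs the key
        if balance < amount or not self.backend.authorize(card.uid, amount):
            return False
        card.memory = seal(self.key, balance - amount)
        return True


def state_restoration(term: Terminal, genuine: Card, n: int, amount: int) -> int:
    """Exact clone incl. UID; restore the original dump after every payment."""
    chameleon = Card(*genuine.dump())
    image = chameleon.dump()
    ok = 0
    for _ in range(n):
        ok += term.pay(chameleon, amount)
        chameleon.restore(image)
    return ok


def random_uid_restoration(term: Terminal, genuine: Card, n: int, amount: int) -> int:
    """Same memory image, but a fresh random UID per payment."""
    _, memory = genuine.dump()
    return sum(term.pay(Card(secrets.token_bytes(4), memory), amount) for _ in range(n))


def demo():
    """Returns (honest payments, clone payments, random-UID payments)."""
    system_key = b"\x00" * 16                  # assumed shared key, Sect. 5.1

    def fresh():
        b = Backend()
        return Terminal(system_key, b), Card(b"\x04\xa1\xb2\xc3", seal(system_key, 1000))

    t, g = fresh()
    honest = sum(t.pay(g, 250) for _ in range(6))        # 10.00 credit = 4 x 2.50
    t, g = fresh()
    cloned = state_restoration(t, g, 30, 250)             # stops once blacklisted
    t, g = fresh()
    roaming = random_uid_restoration(t, g, 30, 250)       # never blacklisted
    return honest, cloned, roaming


if __name__ == "__main__":
    print(demo())
```

Running `demo()` gives `(4, 20, 30)`: the genuine card pays four times before its credit is exhausted, the exact clone pays until the back-end's cumulative-spend rule trips and blacklists the UID, and the random-UID emulator is never caught because no UID accumulates more than a single payment. Note that the seal is independent of the UID, which is what makes the random-UID variant work; binding the per-card key or tag to the UID would not stop restoration of an exact clone (the old dump stays valid for that UID), but it would break the random-UID variant. The encryption itself buys nothing against either attack, since the attacker only ever replays bytes the terminal wrote.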
In a similar manner, we were able to spoof a copy-and-print service that
relies on contactless smartcards. The printers and copy stations are equipped
with RFID readers that decrease the credit stored on the Mifare Classic card
according to the number of copies or prints made. By repeatedly using