Researchers from the Ruhr University in Germany found a way to get past the encryption that protects the chip cards considered up until recently to be unbreakable, allowing potential villains to replicate and alter them as they please.
The Register reveals that the equipment required for the operation costs around $3,000 (€2100), a small amount for someone out to do some damage.
So far, these smartcards were used to safeguard almost anything, from homes, office buildings, and credit for all sorts of services and now David Oswald and Christof Paar show the world that the time for an upgrade has arrived.
This is not the first successful attempt of crocking such a card, but it comes to prove even further that these security means are not to be trusted entirely. In this case, the secret key that blocks the information was obtained, thus making it possible for anyone to assume the identity of the smartcard's owner.
Cryptographer Nate Lawson, the principal of Root Labs, after reading the research, revealed that the operation, as described by the German scientists, is easy to replicate by anyone with money and time to spend.
"It provides a recipe for how to extract the secret key material non-invasively, basically by pointing a radio probe at the card and monitoring it as it performs a transaction," he revealed.
Now comes the techie part. How did they achieve the stunt?
Using an oscilloscope, they recorded the card's electrical emissions while being read by a radio-frequency identification reader. By monitoring electromagnetic radiation and other characteristics, over time, they could recover the encryption key that protects the information on a DESFire card.
Fortunately, steps are already being taken to prevent from potential fraud attempts and the company that supplies these smartcards announced that the model that can be crocked will soon be replaced with a more advanced version that is not susceptible to the attack.