Pavol Luptak

Topic: Mifare Classic analysis

Language: English

Bio:
MSc degree in Computer Science. CISSP, CEH and OWASP Slovakia Chapter Leader. Owner, CTO and Lead Security Consultant of the security-based company Nethemba s.r.o. focused on comprehensive penetration tests and security audits, proposing ultra secure solutions, VOIP solutions, clusters, consulting & training in security areas. You can find details here.

Abstract:
Mifare Classic has been an insecure and broken technology for more than 2 years now. Despite this fact Mifare Classic cards are still massively used (according to NXP more than 1 billion of smartcard chips is world-wide used). We have revealed that almost all smartcards used in Slovak Republic are based on this technology and can be easily cracked. We have made our own implementation of the nested attack (firstly described by the Radboud University of Nijmegen) that can be used for the offline extraction of all Mifare Classic keys. In order to demonstrate the seriousness of the Mifare Classic vulnerabilities, we have decided to do the first public disclosure of this cracking tool.

The presentation covers Mifare Classic basics & security, theoretical and practical attacks and vulnerabilities revealed in Slovak cards.