FAQs on the security of MIFARE Classic
What exactly is the discussion around MIFARE Classic?
A: NXP has concluded that, to date, three research groups have retrieved the algorithm and developed attacks that break the keys of MIFARE Classic-enabled cards within seconds. These are the group around Karsten Nohl, who initially presented the reverse engineering of MIFARE Classic chips in December 2007 at the 24th Chaos Computer Congress in Berlin; the IT security specialists from the Radboud University of Nijmegen; and Nicolas T. Courtois from the University College London.
According to our information, the respective research groups plan to publish their findings by fall of this year at the latest.
What does this mean for my system? Is it possible that the cards of my system can be cloned?
A: Whether or not a card can be cloned depends on how the system is designed. Countermeasures that limit the risk are possible, but the risk cannot be fully excluded. However, NXP expects that in many systems few or none of these countermeasures are actually implemented.
How is NXP going to prevent the publication of the algorithm?
A: We have clearly explained to the research groups the potential risks that such a publication would entail. However, we have no evidence that these parties will in fact limit the contents of their published scientific research. Consequently, there is a risk of excessive disclosure, including publication of the full algorithm, by fall of this year at the latest.
The NXP technologies are protected by many intellectual property rights of different nature. Should it appear that any NXP rights (in the broadest sense of the word) have been illegally compromised, NXP will immediately take the appropriate action.
Which products of the MIFARE family are referred to?
A: The attacks apply exclusively to NXP's MIFARE Classic chips, comprising the MIFARE Mini, MIFARE 1k and MIFARE 4k, as well as their emulations. The attacks do not apply to other MIFARE products such as MIFARE DESFire or MIFARE Plus.
When did NXP know of the MIFARE Classic attack and what did you do about it?
A: We learned of the hack on 31 December 2007 and immediately assembled a task force to deal with the issue. Since then we have been assessing the various implications of the vulnerabilities and have been in contact with system integrators. NXP is also in direct contact with the research groups and has evaluated their attacks. Although not all vulnerabilities in MIFARE Classic-based infrastructures can be fixed in the short term, we have identified countermeasures that make the attacks more difficult, in order to strengthen the end-to-end security of existing designs, and have shared these with our partners.
I am using MIFARE Classic in my infrastructure. What shall I do to prevent any security issues?
A: Please contact your system integrator as soon as possible to assess whether your systems need any additional security measures in light of the above.
What do you recommend for existing installations using MIFARE Classic?
A: In general, NXP recommends extensive additional protection mechanisms in MIFARE Classic infrastructures, both in how the data on the card is used and in deploying additional security layers separate from the card. The system integrators who have designed MIFARE Classic-based installations should review them in light of the existing vulnerabilities, the value of the assets being protected, and the other means of protection and fraud detection in place. They can then judge whether these systems can remain as they are, require additional measures, or need a security upgrade.
Can NXP fix the compromised infrastructures?
A: NXP's expertise is the design and manufacturing of chips. Although we do not design end-to-end security systems, we would be happy to support your system integrator on an ongoing basis so that the best solutions are reached.
What does that mean exactly for transport ticketing infrastructures?
A: It is our assessment that for transport ticketing installations, end-to-end security systems can be designed with the MIFARE Classic chip such that the residual risk of fraud not being detected in time can be drastically reduced. Whether or not those scenarios are acceptable in the individual risk assessment depends on the assets to be protected, which only the owner of the system and their system integrator can determine.
What does that mean exactly for access management systems?
A: End-to-end measures should also be applied to access management infrastructures, which are typically complemented by additional measures (e.g. camera surveillance, security personnel) when valuable assets need to be protected. We recommend that the assessment of the impact of the recent and expected developments take into account the particular way the system is implemented and used, its relation to other protection in place, and specifically whether there is a need to prevent unauthorized single-time access or access during a limited period of time.
Depending on the specific situation in existing MIFARE Classic access management infrastructures, the use of more sophisticated card ICs may be an alternative to implementing sufficient countermeasures. DESFire EV1 and MIFARE Plus are our recommended solutions for new access management implementations where a strong level of security is required to protect against a one-time unauthorised access.
What will NXP do to prevent attacks from hackers?
A: Attacks targeting IC security are part of the normal lifecycle of security products, like viruses on computers. NXP is continuously improving the security level of existing product ranges as well as creating new product ranges with best-in-class security, e.g. the new DESFire EV1 chip or the recently announced new member of the MIFARE family, MIFARE Plus. Both MIFARE Plus and our high-end product MIFARE DESFire EV1 offer strong AES encryption and are targeted to receive the internationally recognized third-party Common Criteria security certification.
NXP has recently submitted two application notes covering end-to-end system security risk considerations for implementing contactless cards. One is for contactless cards in general, while the other is specific to the use of MIFARE Classic.
The documents are available via the NXP document control office; document reference numbers 155010 and 155110. You can request a copy of these documents by filling out the Password Request Form for Confidential MIFARE Documents and mailing or faxing it to the document control office.