Cybersecurity researchers have discovered a hardware backdoor in a certain model of MIFARE Classic contactless cards that can allow authentication with an unknown key and unlock hotel rooms and office doors.
The attacks were demonstrated against the FM11RF08S, a new MIFARE Classic variant released by Shanghai Fudan Microelectronics in 2020.
“The FM11RF08S backdoor allows any entity that knows about it to compromise all user-defined keys on these cards, even if they are fully diversified, simply by gaining access to the card within minutes,” Quarkslab researcher Philip Thewen. said.
Not only is the secret key shared by existing FM11RF08S cards, the investigation found that “attacks could be executed instantly by an entity capable of conducting a supply chain attack.”
Moreover, a similar backdoor was identified in the previous generation, FM11RF08, which is protected by a different key. Backdoor has been seen in cards since November 2007.
An optimized version of the attack could speed up the process of breaking the key by five to six times due to partial reverse engineering of the nonce generation mechanism.
“Backdoor (…) allows you to instantly clone RFID smart cards that are used to open the doors of offices and hotel rooms around the world,” the company said in a statement.
“Although a backdoor attack requires only a few minutes of physical proximity to a compromised card, an attacker with the ability to launch a supply chain attack can instantly execute such attacks at scale.”
Consumers are strongly advised to check whether they are exposed to the vulnerability, especially in light of the fact that these cards are widely used in hotels in the US, Europe and India.
Backdoor and its key “allow us to launch new attacks to dump and clone these cards, even if all their keys are properly diversified,” Teuwen noted.
This is not the first time that security problems have been discovered in the lock systems used in hotels. Earlier in March of this year, Dormakaba’s Saflok electronic locks appeared found contain serious flaws that can be used by armed individuals to forge keys and unlock doors.
