Some of the world's most popular RFID smart cards, used by organizations like NASA and Chicago Transit, are vulnerable to cloning using relatively modest means. Researchers at a German university have detailed a side-channel attack that lets an attacker clone or modify the contents of Mifare DESFire MF3ICD40 smart cards. Rather than trying to break the Triple DES cipher itself, which is computationally impractical, the method eavesdrops on the chip's power consumption while it runs the cipher and extracts the card's 112-bit secret key from those measurements. The attack requires about $3,000 in equipment, takes about seven hours to complete, and leaves no trace on the card, so a compromised card cannot be distinguished from an untouched one.
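The article does not walk through the attack, so the following is an added illustration of the principle behind a power-analysis side channel, not the researchers' code or NXP's. It is a hypothetical model: the "card" is assumed to leak the Hamming weight of one DES S-box output, plus Gaussian noise, on every computation. The attacker never attempts a 2^112 search; it correlates hypothetical leakage for each of only 64 subkey guesses against the constructed measurements and keeps the guess that fits best. A real attack repeats this for every S-box and every round key until the whole key is recovered; the function names and the noise parameters are this example's own assumptions.

```python
"""Simulated correlation power analysis (CPA) against DES S-box S1.

Added example, not the Bochum attack itself: a hypothetical device model
whose power draw is the Hamming weight of the S-box output plus noise.
"""
import math
import random

# DES S-box S1 (FIPS 46-3). Row is selected by the outer two input bits,
# column by the middle four.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox1(x: int) -> int:
    """Apply DES S1 to a 6-bit value, returning a 4-bit value."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


def hamming_weight(v: int) -> int:
    return bin(v).count("1")


def simulate_traces(subkey: int, n_traces: int, noise_sigma: float, seed: int = 1):
    """Constructed measurements: (6-bit input chunk, one power sample) pairs.

    The leakage model (Hamming weight of S1 output plus Gaussian noise) is an
    assumption of this example; real cards leak in messier ways.
    """
    rng = random.Random(seed)
    traces = []
    for _ in range(n_traces):
        x = rng.getrandbits(6)            # attacker-known input chunk
        leak = hamming_weight(sbox1(x ^ subkey)) + rng.gauss(0.0, noise_sigma)
        traces.append((x, leak))
    return traces


def pearson(a, b) -> float:
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    va = sum((p - ma) ** 2 for p in a)
    vb = sum((q - mb) ** 2 for q in b)
    if va == 0 or vb == 0:
        return 0.0
    return cov / math.sqrt(va * vb)


def cpa_attack(traces):
    """Return (best_subkey, scores): scores[k] is |corr| for 6-bit guess k.

    Only 64 hypotheses are tested; the cipher's 112-bit key is never searched.
    """
    measured = [leak for _, leak in traces]
    scores = []
    for guess in range(64):
        hypothetical = [hamming_weight(sbox1(x ^ guess)) for x, _ in traces]
        scores.append(abs(pearson(hypothetical, measured)))
    best = max(range(64), key=lambda k: scores[k])
    return best, scores


def demo(subkey: int = 0b101101, n_traces: int = 2000, noise_sigma: float = 1.0):
    """Recover a hypothetical 6-bit subkey from constructed noisy traces."""
    traces = simulate_traces(subkey, n_traces, noise_sigma)
    return cpa_attack(traces)


if __name__ == "__main__":
    true_key = 0b101101
    best, scores = demo(true_key)
    runner_up = max(s for k, s in enumerate(scores) if k != best)
    print(f"true subkey   = {true_key:06b}")
    print(f"recovered     = {best:06b}  corr={scores[best]:.3f}  next best={runner_up:.3f}")
```

The margin between the winning guess and the runner-up is the practical signal: with a few thousand traces the correct subkey separates cleanly from the others even when the noise is as large as the signal. The real attack needs far more effort because a physical card's leakage must first be located in time and modelled, which is where the researchers' hours and equipment go.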
NXP, manufacturer of the vulnerable cards, says there's nothing to worry about, since the MF3ICD40 is 2002-era technology and will be phased out as of December 31st. But the company has had similar issues in the past, and of the more than three billion Mifare-family cards it has shipped, the MF3ICD40 cards already deployed may not be upgraded right away. Still, despite the obvious security hole, we're not sure how dangerous (or likely) this actually is: who's going to spend seven hours and $3,000 in gear to clone your bus pass with $10.50 on it? On the other hand, government agencies like the Department of the Interior may not want sensitive access cards duplicated by intruders, especially when the duplication leaves nothing on the original card to detect.
Of course, if your RFID-equipped transit system is like my own D.C. Metro, this particular compromise may be moot. Hackers will have a hard time getting any sort of signal out of those infernal cards.