Researchers at Intrepidus Group have demonstrated how an Android NFC phone can be used to add value to a transit card without paying but, says NXP, the vulnerability is limited to transportation card issuers that haven't upgraded from Mifare Ultralight to the newer Mifare Ultralight C technology.
Researchers from mobile security specialists Intrepidus Group have demonstrated at the EUSecWest conference in Amsterdam a way to refresh a spent stored value public transportation card using an Android NFC phone — without having to pay for the rides.
The "UltraReset" hack can be used to add ten free rides to cards issued by San Francisco Muni and the New Jersey Path transit systems, say the researchers. But that's only because those systems haven't been upgraded to take account of this anticipated threat, says Mifare owner NXP.
"The researchers used the NFC phone to re-load smart paper tickets based on Mifare Ultralight," NXP told NFC World. "The Mifare Ultralight is a cost-optimised solution designed for disposable non-reloadable limited-use paper tickets. It provides only basic security features such as one-time-programmable (OTP) bits and a write-lock feature to prevent re-writing of memory pages but does not include cryptography as applied in frequent-rider plastic cards.
"NXP introduced the successor, Mifare Ultralight C, in 2008, adding enhanced security (3DES authentication) to protect tickets against unauthorised access, anticipating the widespread adoption of NFC-enabled phones and consequently, possible attack scenarios. Mifare Ultralight C was jointly developed with leading transit system solution providers and, as far as NXP is informed, many public transport operators are currently adjusting their system designs while keeping service sustainability.
"Based on the first information we have received (which is based on news articles), it seems like the mentioned attack is more a system issue than ticket related, and not at all an NFC vulnerability. The key sentence stated in articles is 'the bits are never turned on', which refers to the OTP bits and indicates that the usage of the ticket is going beyond the intended non-reloadable limited-use application.
"One key element in smart paper ticketing solutions are non-revertible elements which should be used to implement system security measures. The OTP bits in Mifare Ultralight represent such an element. Successor generations of smart paper ticketing ICs like the Mifare Ultralight C already include one-way counters which have extended non-revertible capabilities."
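The role of the OTP bits as a non-revertible element can be shown with a small in-memory model. This is an added example, not code from NXP, Intrepidus Group or any transit operator; the page layout (16 pages of 4 bytes, OTP in page 3, ride counter in page 4), the ten-ride ticket and all function names are assumptions made for illustration.

```python
OTP_PAGE, USER_PAGE, RIDES = 3, 4, 10  # page layout assumed for this model

class Ticket:
    """Toy ticket memory: 16 pages of 4 bytes, no cryptography."""
    def __init__(self):
        self.pages = [bytes(4) for _ in range(16)]

    def read(self, page):
        return self.pages[page]

    def write(self, page, data):
        if page == OTP_PAGE:
            # OTP semantics: new bits are OR-ed in, so a set bit never clears.
            data = bytes(a | b for a, b in zip(self.pages[page], data))
        self.pages[page] = bytes(data)

def issue(ticket):
    ticket.write(USER_PAGE, bytes([RIDES, 0, 0, 0]))

def ride_weak(ticket):
    """Validator that trusts only the rewritable counter."""
    left = ticket.read(USER_PAGE)[0]
    if left == 0:
        return False
    ticket.write(USER_PAGE, bytes([left - 1, 0, 0, 0]))
    return True

def ride_otp(ticket):
    """Validator that also burns one OTP bit per ride and checks them."""
    used = bin(int.from_bytes(ticket.read(OTP_PAGE), "big")).count("1")
    if used >= RIDES or not ride_weak(ticket):
        return False
    ticket.write(OTP_PAGE, (1 << used).to_bytes(4, "big"))
    return True

def accepted_after_rollback(ride):
    """Spend every ride, restore the old user page, then try one more ride."""
    t = Ticket()
    issue(t)
    image = t.read(USER_PAGE)            # page content when freshly issued
    spent = sum(ride(t) for _ in range(RIDES))
    assert spent == RIDES
    t.write(USER_PAGE, image)            # rewritable page goes back to 10
    t.write(OTP_PAGE, bytes(4))          # OR with zeros: OTP bits stay set
    return ride(t)

if __name__ == "__main__":
    print("weak validator accepts:", accepted_after_rollback(ride_weak))
    print("OTP validator accepts:", accepted_after_rollback(ride_otp))
```

A validator that never sets the OTP bits has nothing on the ticket to tell a fresh card from a rolled-back one, which is the system-level gap the NXP statement describes.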