NXP responds to NFC transit security hack

Researchers at Intrepidus Group have demonstrated how an Android NFC phone can be used to add value to a transit card without paying but, says NXP, the vulnerability is limited to transportation card issuers that haven’t upgraded from Mifare Ultralight to the newer Mifare Ultralight C technology.

Researchers from mobile security specialists Intrepidus Group have demonstrated at the EUSecWest conference in Amsterdam a way to refresh a spent stored value public transportation card using an Android NFC phone — without having to pay for the rides.

The “UltraReset” hack can be used to add ten free rides to cards issued by San Francisco Muni and the New Jersey Path transit systems, say the researchers. But that’s only because those systems haven’t been upgraded to take account of this anticipated threat, says Mifare owner NXP.

“The researchers used the NFC phone to re-load smart paper tickets based on Mifare Ultralight,” NXP told NFC World. “The Mifare Ultralight is a cost-optimised solution designed for disposable non-reloadable limited-use paper tickets. It provides only basic security features such as one-time-programmable (OTP) bits and a write-lock feature to prevent re-writing of memory pages but does not include cryptography as applied in frequent-rider plastic cards.

“NXP has introduced the successor, Mifare Ultralight C, in 2008, adding enhanced security (3DES authentication) to protect tickets against unauthorised access, anticipating the widespread adoption of NFC-enabled phones and consequently, possible attack scenarios. Mifare Ultralight C was jointly developed with leading transit system solution providers and, as far as NXP is informed, many public transport operators are currently adjusting their system designs while keeping service sustainability.

“Based on the first information we have received (which is based on news articles), it seems like the mentioned attack is more a system issue than ticket related, and not all a NFC vulnerability. The key sentence stated in articles is “the bits are never turned on”, which refers to the OTP bits and indicates that the usage of the ticket is going beyond the intended non-reloadable limited-use application.

“One key element in smart paper ticketing solutions are non-revertible elements which should be used to implement system security measures. The OTP bits in Mifare Ultralight represent such an element. Successor generations of smart paper ticketing ICs like the Mifare Ultralight C already include one-way counters which have extended non-revertible capabilities.”


One comment on this article

  1. The security issue can be solved by putting a MAC using the Unique ID + 32 bits One-Time-Programmable data protecting the ticket counter. However, this will limit the usage of the card to 32 times.
    Using Ultra-light as a Single Trip Ticket will not have the 32 times usage limitation if the UID and time of purchase are used to MAC the ticket.
    The above security assumes that the card will not be emulated, as it is not worth the effort to emulate.
    Investing in a more secured card is like buying an insurance premium – how much it costs versus how much you want to protect.

    Tan Keng Boon
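
The scheme the comment describes (a MAC over the UID and the 32 OTP bits, with the one-way bits acting as the ride counter), sketched as an added example that is not code from the article, NXP or the commenter. The `PaperTicket` model, the function names, HMAC-SHA256 truncated to 8 bytes and the UID value are assumptions made for illustration.

```python
import hashlib
import hmac

OTP_BITS = 32  # the page states 32 one-time-programmable bits


class PaperTicket:
    """Constructed model: UID, one-way OTP bits, unprotected rewritable user memory."""

    def __init__(self, uid: bytes):
        self.uid = uid
        self.otp = 0      # bits can be set, never cleared
        self.user = b""   # rewritable by anyone with a writer

    def write_otp(self, bits: int) -> None:
        self.otp |= bits & 0xFFFFFFFF  # OR-only write models the one-way property


def ticket_mac(key: bytes, uid: bytes, otp: int) -> bytes:
    # MAC over UID + OTP state; HMAC-SHA256 truncated to 8 bytes is an assumption.
    return hmac.new(key, uid + otp.to_bytes(4, "big"), hashlib.sha256).digest()[:8]


def rides_left(ticket: PaperTicket) -> int:
    return OTP_BITS - bin(ticket.otp).count("1")


def issue(key: bytes, ticket: PaperTicket, rides: int) -> None:
    # Pre-burn bits so exactly `rides` clear bits remain, then seal the state.
    ticket.write_otp((1 << (OTP_BITS - rides)) - 1)
    ticket.user = ticket_mac(key, ticket.uid, ticket.otp)


def validate_and_spend(key: bytes, ticket: PaperTicket) -> bool:
    expected = ticket_mac(key, ticket.uid, ticket.otp)
    if not hmac.compare_digest(ticket.user, expected):
        return False  # user memory does not match the card's current OTP state
    if rides_left(ticket) == 0:
        return False
    ticket.write_otp(~ticket.otp & (ticket.otp + 1))  # burn the lowest clear bit
    ticket.user = ticket_mac(key, ticket.uid, ticket.otp)
    return True


def stale_copy_rejected(key: bytes) -> bool:
    t = PaperTicket(b"\x04\x11\x22\x33\x44\x55\x66")  # constructed UID
    issue(key, t, 10)
    saved = t.user                      # copy of user memory taken at purchase
    spent = sum(validate_and_spend(key, t) for _ in range(10))
    t.user = saved                      # the old user memory is written back
    return spent == 10 and not validate_and_spend(key, t)
```

Because the gate checks user memory against the card's current OTP state, an older copy of user memory no longer validates once any OTP bit has been burned, and the same data copied to a card with a different UID fails the MAC check.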
