Technology

Hotel room key cards everywhere could be at risk from RFID security flaw

August 23, 2024

Contactless cards used to open doors in hotels and offices around the world are flawed in a way that could allow any person to open practically any door, experts have warned.

Cybersecurity researchers from Quirkslab focused on FM11RF08S, a variant of the MIFARE Classic card that was released in 2020 by Shanghai Fudan Microelectronics, apparently the “leading Chinese manufacturer of unlicensed ‘MIFARE compatible’ chips.

The report claims the FM11RF08S features countermeasures “designed to thwart all known card-only attacks”, but worryingly, usage of the card is growing increasingly popular by the day.

Cracked in minutes

It reportedly took the researchers a “couple of minutes” to find an attack that cracks FM11RF08S sector keys – when the keys were reused across at least three sectors, or three cards.

Further analysis landed them a hardware backdoor that allows authentication with an unknown key, and when they cracked the card’s secret key, they found it to be “common to all existing FM11RF08S cards!”.

With the backdoor, the experts were able to design “several other” attacks, each of which was able to crack all the keys of any card in just a few minutes, without needing to know any initial keys (besides the backdoor one).

To add insult to injury, Quirkslab then shifted their attention to older models, and found a “similar backdoor” in the previous generation – FM11RF08 – which was protected with another key. After cracking the second key, they found it to be common to all FM11RF08 cards, as well as other Fudan references (FM11RF32, FM1208-10, and probably more), and even old cards from NXP1 (MF1ICS5003 & MF1ICS5004) and Infineon (SLE66R35), some of which date back to late 2007.

To conclude, the researchers warned users to check their infrastructure and assess the risks. “Many are probably unaware that the MIFARE Classic cards they obtained from their supplier are actually Fudan FM11RF08 or FM11RF08S, as these two chip references are not limited to the Chinese market. For example, we found these cards in numerous hotels across the US, Europe, and India,” they said.

Via The Hacker News

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar