A recent discovery by French cybersecurity firm Quarkslab has revealed a critical security flaw in millions of contactless key cards used worldwide for office and hotel access. These cards, equipped with chips manufactured by Shanghai Fudan Microelectronics Group, are now vulnerable to a hardware backdoor that could potentially allow attackers to clone them with ease, putting security at risk.
The vulnerability in question was detailed in a research paper by Quarkslab, shedding light on the presence of a hidden backdoor in chips commonly used in contactless access cards. Known as the FM11RF08S and FM11RF08 variants, these chips were intended to withstand traditional card-only attacks but were found to have a serious flaw that could be exploited by malicious actors.
The backdoor grants attackers the ability to clone cards in a matter of minutes, granting them unauthorized access to secure areas and compromising the overall security of the system. While the exploit does require physical proximity to the targeted card, the potential for mass exploitation exists if the supply chain is compromised, allowing for large-scale card cloning during manufacturing.
Quarkslab’s researchers uncovered a secret key embedded in the affected chips, accessible through the backdoor, that unlocks all user-defined keys on the cards. This means that any key on these cards can be compromised quickly by an attacker who is aware of the backdoor mechanism, regardless of individual diversification measures.
Experts in the field have highlighted the severity of this discovery, emphasizing the ease with which cards can be cloned and the potential ramifications for security. Patrick Tiquet, Vice President of Security & Architecture at Keeper Security, underlined the need for thorough security practices and careful scrutiny of components in the supply chain to prevent such vulnerabilities from being exploited.
For consumers and organizations using MIFARE Classic cards, it is essential to assess the risks posed by this security flaw and take immediate steps to mitigate them. Checking the type of card being used and considering an upgrade to more secure alternatives are crucial measures to safeguard against potential attacks.
This latest development serves as a reminder of the ongoing challenges in maintaining cybersecurity in today’s interconnected world. As technology evolves, so too do the tactics used by adversaries to exploit vulnerabilities in systems. Vigilance and proactive measures are key to staying ahead of potential threats and ensuring the security of sensitive information and access control systems.