The Victorian Government will replace more than 1.1 million myki transport smartcards after the system was hacked by two German researchers.
The myki cards, issued in December 2009 for the state's trains, trams and buses, were compromised when researchers discovered a secret key that could be used to steal and clone information stored on the card.
Victoria’s Transport Ticketing Authority (TTA) had kicked off a migration plan to upgrade its $8.1 million worth of cards to a 2008 EV1 version of the technology, which has not yet been hacked.
That swap out comes weeks after it was revealed the TTA would pulp $15 million worth of paper myki cards that never left storage.
While that upgrade could be expensive, it should be relatively painless because the card uses the same microprocessor.
The move followed a request from the myki smartcard designer NXP that the hacked cards be dumped and upgraded to the latest 2008 EV1 version.
The cards were also used in transport systems in San Francisco and the Czech Republic.
David Oswald and Christof Paar from the University of Ruhr in Germany revealed how they bypassed the cards’ Triple DES cryptography and stole its secret key in a research paper (pdf).
The paper was presented at the Cryptographic Hardware and Embedded Systems in Japan early this month.
“Our work has severe implications for real-world systems,” the researchers said.
“Operators and vendors of commercial RFID systems can no longer rely on the mathematical security of the employed cryptographic algorithms, but also have to take into account that an adversary may be able to obtain secret keys by means of SCA (side-channel attacks).
“Thus, appropriate protective measures on the system level [such as] ensuring that each smartcard has a unique secret key and storing sensitive data in a separate database in the backend whenever possible, are mandatory to guarantee maximum security.”
The researchers' side-channel attacks targeted weaknesses in the MF3ICD40 card’s DESFire microprocessor implementation.
But the complexity of the attacks meant it was unlikely they would be mimicked.
The compromise require encoded message to be captured by a magnetic near-field probe and recorded by a digital storage oscilloscope and processed by an analogue demodulator and filter.
The attacks were also expensive, Oswald and Paar said, taking up to a year to conduct and requiring some $3000 worth of equipment.
The compromise of MF3ICD40 followed the hack of NXP's Mifare Classic, in which the proprietary cipher Crypto1 was reverse-engineered.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
