Dutch scientists and researchers from Radboud University in the Netherlands have published the details and methods of how to crack the MIFARE Classic RFID chip card. The MIFARE Classic is one of the most popular credit-card-sized contactless smartcards, commonly used as an access ID or stored-value card for electronic ticketing. Examples include the Oyster card used on public transport services including the London Underground, buses, the Docklands Light Railway (DLR), London Overground, trams and some National Rail services within the Greater London area of the United Kingdom (UK), the OV-chipkaart in the Netherlands, Touch ‘n Go in Malaysia and the Octopus Card in Hong Kong.

Previously, the academics had demonstrated the weaknesses of the MIFARE Classic smart card system, and the ability to copy, clone and manipulate the card, in a video and in a security paper named “A Practical Attack on the MIFARE Classic” (now renamed the CARDIS paper). However, the release of detailed information on the MIFARE vulnerability had been delayed by legal action, in the form of a preliminary court injunction sought by NXP Semiconductors, the card’s manufacturer. The judge has now ruled that publishing the scientific article called “Dismantling MIFARE Classic” (now called the ESORICS paper) is allowed under the principle of freedom of expression, and that it is important that the results of scientific research be published so that the manufacturer addresses the issue and criminals cannot profit from the vulnerability.

The main paper, “Dismantling MIFARE Classic”, had been leaked on the Internet for a while, but it was officially published online during ESORICS 2008 (13th European Symposium on Research in Computer Security). For non-technical readers who can’t follow the complex scientific jargon, the paper “Proof of concept, cloning the OV-Chip card”, which describes the practical execution of a cloning attack on the Mifare Ultralight in a non-technical manner, is also available. More details can be found and downloaded at the Digital Security group homepage.

However, in bad news for hackers, crackers or transit users who want to save a few bucks, the Dutch researchers have also published the manuscript “Making the Best of Mifare Classic”, which contains countermeasures that can help to prevent state restoration attacks and to detect attempted cloning of cards. NXP also claims that there are techniques and countermeasures to detect hacked, cracked or modified cards and data that have been tampered with.