Wired Campus: Computer-Science Researchers Expose Security Vulnerability of Some Electronic Key Cards

Search The Site

Opinion & Forums
The Chronicle Review Commentary Forums Live Discussions

Careers
News & Advice My Career homepage Search jobs by position type by discipline/field by state/region by institution Tools & Resources Employer Profiles

Multimedia

Leadership Forum

Technology Forum

Resource Center

Campus Viewpoints

Services
Help Contact us About The Chronicle Subscribe Day pass Manage your account Advertise with us Rights & permissions Employment opportunities

Get the latest headlines each day:
Wired Campus e-newsletter | RSS

In the Comments

You have to learn to let go. The idea that books, magazines, databases or any form of information source can and should be kept for perpetuity is laughable. Items in a library need to be weeded and space is the major reason why. I know all of you want to keep your precious books, and I do to. But who’s going to pay for it, you?... — the other me

Library Protesters to Ohio State U.: Digital's OK, but Save Our Books!

<script language="JavaScript1.1" src="http://ad.doubleclick.net/adj/wiredblog.che/;abr=!ie;abr=!aol;sz=250x250,300x250;ord=?"> </script> <noscript> <a href="http://ad.doubleclick.net/jump/wiredblog.che/;abr=!ie;abr=!aol;sz=250x250,300x250;ord=?"><img src="http://ad.doubleclick.net/ad/wiredblog.che/;abr=!ie;abr=!aol;sz=250x250,300x250;ord=?" width="300" height="250" border="0"></a> </noscript>

Wired Campus Writers

Josh Fischman
Internet issues, new technology, security, computing

Jennifer Howard
libraries, publishing

Sara Lipka
piracy, student technology use

Marc Parry
distance education, security, the technology marketplace

Jeffrey R. Young
video, audio, how technology is changing scholarship and teaching

Need more tech news?
Read our complete IT section.

Categories

March 21, 2008

Computer-Science Researchers Expose Security Vulnerability of Some Electronic Key Cards

Access cards that students use to get into residence halls on some campuses may be vulnerable to hackers, according to computer-science researchers who say they’ve cracked the code on a high-tech key system that uses radio-frequency identification, or RFID.

An article in the latest issue of ComputerWorld outlines the research, led by Karsten Nohl, a graduate student at the University of Virginia. The article notes that two billion so-called smart cards — used in a variety of settings, including college campuses — could be at risk.

The researchers say that they were able to hack an RFID chip made by NXP Semiconductors that used a coding standard known as MiFare Classic. Some proximity cards used at colleges use the same coding standard.

In an interview with The Chronicle this week, Mr. Nohl said that a thief could copy the data on a person’s RFID card by walking close enough to the person to scan the card with a reader. The chip’s information could then be decoded.

A malicious hacker with that ability could essentially steal the key out of your pocket without your card’s ever leaving your wallet. “You think if you put it in your wallet and you never show it to anybody, it must be safe,” said Mr. Nohl.

A spokesman for NXP Semiconductors said the company already makes RFID card systems that are more secure. —Jeffrey R. Young

Posted on Friday March 21, 2008 | Permalink |

Comments

They are concerned about this security issue but in the following story nothing was done:
http://www.redorbit.com/news/health/1239669/ut_southwestern_ricin_researchers_chafe_at_security_crackdown_medical_school/index.html?source=r_health

— Brent Mar 22, 04:11 PM #
I worked at UMass-Amherst Dept. of Public safety for over 6 years. When the school introduced the key card system in the late 90’s we all knew that it would only be usefull for one semister befor students found a way to circumvent the system. This newer technology only proves tht the newer the technology the easier it becomes to break it.

— dan Mar 24, 10:29 AM #
This RFID card security risk has been known for years. ‘Researchers’ weren’t the first, either.

— jm Mar 25, 09:15 AM #

Commenting is closed for this article.

Previous: Can Intel-Microsoft Money for Universities Make Up for Defense Department Shortfall?
Next: U. of Pennsylvania to Computer Users: Don't Use Vista SP1

Home | Chronicle Careers | The Chronicle Review