Researchers from security firm Quarkslab discovered a backdoor in millions of RFID cards manufactured by the Chinese chip manufacturer Shanghai Fudan Microelectronics.
The experts announced the discovery of a hardware backdoor and successfully cracked its key, which allows instantaneous cloning of these RFID smart cards.
“In this paper, we present several attacks and unexpected findings regarding the FM11RF08S. Through empirical research, we discovered a hardware backdoor and successfully cracked its key. This backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards without prior knowledge, simply by accessing the card for a few minutes,” reads the research paper published by Philippe Teuwen of Quarkslab. “Additionally, our investigation into older cards uncovered another hardware backdoor key that was common to several manufacturers.”
By 2024, it’s widely known that MIFARE Classic cards are highly insecure, but they are widely adopted in many applications due to business inertia and the high cost of migrating infrastructures. The study conducted by the researchers focuses on “card-only attacks,” which target the card itself to recover data and keys for cloning or emulation. Around 2020, the FM11RF08S variant of the MIFARE Classic was released by Shanghai Fudan Microelectronics. It was designed to be resilient to all known card-only attacks, featuring a countermeasure called “static encrypted nonce.”
Researchers discovered an attack that can crack FM11RF08S sector keys within minutes if the same keys are reused across at least three sectors or cards. During this process, they uncovered a hardware backdoor that allows authentication without knowing the key. They successfully cracked the secret key, revealing that it is the same across all FM11RF08S cards.
“Let’s go one step further and assume the mysterious key is the same for several, maybe even all sectors. We can test it quite easily as we have a new attack in Section V exactly for this hypothesis. Indeed, two minutes later, a key appears,” continues the paper. “Quick tests show immediately that the key works for all sectors of the card, no matter keyA and keyB values, but also for all the FM11RF08S samples we could test! FM11RF08S ‘0390’, ‘0490’ and FM11RF08S-7B ‘1090’ variant share the same backdoor key. Let’s take a breath. Apparently, all FM11RF08S implement a backdoor authentication command with a unique key for the entire production. And we broke it.”
A396EFA4E24F (Listing 9: FM11RF08S universal backdoor key)
“Tests show that once authenticated, we can read all user blocks, even if the trailer block access rights indicate that data blocks are not readable. We can read the trailer blocks as well, but keyA and keyB values are masked.”
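Two of the findings above translate directly into checks a card issuer can run on its own dumps: whether a sector key is reused across at least three sectors (the precondition for the paper's key-reuse attack), and whether a sector's access bits declare its data blocks unreadable (a setting the backdoor read bypasses, so it must not be relied on). The auditor below is an added example, not code from Quarkslab's paper or this article; the dump contents, the key values and the 0x69 general-purpose byte are constructed sample data, the two default keys are public transport keys rather than anything from the paper, and the trailer layout (keyA, three access bytes carrying inverted copies, GPB, keyB) is the standard MIFARE Classic 1K format.

```python
from collections import defaultdict
DEFAULT_KEYS = {"FFFFFFFFFFFF", "A0A1A2A3A4A5"}  # well-known transport keys (public knowledge)
REUSE_THRESHOLD = 3  # the paper's condition: same key in >= 3 sectors or cards

def decode_access(ab):
    """Return (C1, C2, C3) nibbles; a mismatch with the stored inverted copies means a corrupt trailer."""
    b6, b7, b8 = ab
    c1, c2, c3 = b7 >> 4, b8 & 0xF, b8 >> 4
    if (b6 & 0xF, b6 >> 4, b7 & 0xF) != (~c1 & 0xF, ~c2 & 0xF, ~c3 & 0xF):
        raise ValueError("access bits fail the inverted-nibble check")
    return c1, c2, c3

def encode_access(c1, c2, c3):
    """Inverse of decode_access; used here only to construct the sample dump."""
    return bytes([(~c2 & 0xF) << 4 | (~c1 & 0xF), c1 << 4 | (~c3 & 0xF), c3 << 4 | c2])

def audit_dump(dump):
    """Audit a 1K dump (16 sectors x 64 bytes, trailer = last 16 bytes of each sector)."""
    assert len(dump) == 1024, "expects a MIFARE Classic 1K dump"
    key_sectors, findings = defaultdict(set), []
    for s in range(16):
        t = dump[s * 64 + 48 : s * 64 + 64]
        key_a, ab, key_b = t[:6].hex().upper(), t[6:9], t[10:].hex().upper()
        for name, k in (("A", key_a), ("B", key_b)):
            key_sectors[k].add(s)
            if k in DEFAULT_KEYS:
                findings.append(f"sector {s}: key{name} is a well-known default key")
        try:
            c1, c2, c3 = decode_access(ab)
        except ValueError as e:
            findings.append(f"sector {s}: {e}")
            continue
        # C1C2C3 = 111 on a data block (0..2) means "never readable" with either key
        if any((c1 >> i) & (c2 >> i) & (c3 >> i) & 1 for i in range(3)):
            findings.append(f"sector {s}: data block(s) marked unreadable; a backdoor read ignores this")
    for k, secs in key_sectors.items():
        if len(secs) >= REUSE_THRESHOLD:
            findings.append(f"key {k} reused in {len(secs)} sectors: key-reuse attack condition met")
    return findings

def build_sample_dump():
    """Constructed dump: zero data blocks, trailers chosen to trip each check."""
    dump = bytearray(1024)
    for s in range(16):
        key_a = bytes.fromhex("A0A1A2A3A4A5") if s < 3 else bytes([0x10 + s] * 6)
        key_b = bytes.fromhex("FFFFFFFFFFFF") if s == 15 else bytes([0x20 + s] * 6)
        ab = encode_access(7, 7, 0xF) if s == 5 else encode_access(0, 0, 8)  # s5: blocks 0-2 = 111
        dump[s * 64 + 48 : s * 64 + 64] = key_a + ab + b"\x69" + key_b
    dump[9 * 64 + 54] ^= 0x01  # corrupt one inverted nibble in sector 9
    return bytes(dump)
```

On a real dump the same three checks apply unchanged; a clean, fully diversified card yields an empty findings list, which still says nothing about the backdoor itself.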
Quarkslab demonstrated that attacks exploiting a supply chain vulnerability in FM11RF08S cards can be executed instantly. They discovered a similar backdoor in the previous FM11RF08 generation, which was protected by another key. After cracking this second key, they found it to be common across all FM11RF08 cards and other related models from Fudan, as well as older cards from NXP and Infineon.
“The FM11RF08S backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards, even when fully diversified, simply by accessing the card for a few minutes. Therefore, we considered it important to share this information and alert potential users of the risks,” the company concludes.
“Consumers should swiftly check their infrastructure and assess the risks. Many are probably unaware that the MIFARE Classic cards they obtained from their supplier are actually Fudan FM11RF08 or FM11RF08S, as these two chip references are not limited to the Chinese market. For example, we found these cards in numerous hotels across the US, Europe, and India.”