Sorry, Charlie: Researchers say they have your number

Some chromedomes report they've figured out how to break the encryption used by CharlieCards and other "smart cards" that rely on wireless RFID connections to exchange information, such as account balances.

The trio say they are using their knowledge for Good, rather than Evil, by publicizing the possible flaw so that companies can do something about it before evil hackers start churning out zillions of counterfeit cards. One of the three is currently working on a PhD thesis titled Implementable Privacy for RFID Systems (that page also has a video of a talk on the issue).

Nohl and his colleagues "dissected" the MiFare chip to reveal each of the five layers of circuitry that make up the chip and produce the encryption. To do so, they looked at the chip under a conventional optical microscope, and used micro-polishing sandpaper to remove a few microns of material at a time to reveal each layer of circuitry, which then was digitally photographed.

    Risk of surreptitious CharlieCard duplication

    If this is correct, a thief could theoretically read your CharlieCard just by standing near you, then later produce an exact duplicate of that card.

    Currently, that doesn't pose much of a risk to passengers. But if the T eventually allows you to link your CharlieCard to a bank account or credit card, so that it automatically refills when the stored value is low, this could be a real problem. ChicagoCard Plus has such a system.

    Reprogramming, not duplicating

    The concern is not really about duplicating anyone's CharlieCard. The real concern is that someone could reprogram their CharlieCard or a similar RFID card so that it allows free access to the T. This could likely be done just by altering the expiration date and/or monetary balance on the card. Once you know how to decode the RFID, it is fairly straightforward to reprogram it, and presumably duplicate it.
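As an added example (not from the post or its commenters), here is the kind of back-end reconciliation check a transit operator could run against tap records to catch the two scenarios raised in the comments above: a card whose stored value or expiry disagrees with the operator's own ledger, and one card UID tapping in at two stations faster than anyone could travel. It assumes the operator keeps an authoritative ledger of balance and expiry per card UID and logs the gate and time of each tap; the ledger, card UIDs and taps below are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class LedgerEntry:
    balance: int   # stored value in cents, as last recorded by the back end
    expiry: str    # ISO date the back end believes is on the card

@dataclass
class Tap:
    uid: str           # card identifier read at the gate
    card_balance: int  # balance the card itself reported
    card_expiry: str   # expiry the card itself reported
    gate: str          # station where the tap happened
    ts: int            # tap time, seconds since epoch

# Constructed sample ledger: the operator's own view of three cards.
LEDGER = {
    "CARD-A": LedgerEntry(balance=500, expiry="2008-12-31"),
    "CARD-B": LedgerEntry(balance=0, expiry="2008-06-30"),
    "CARD-C": LedgerEntry(balance=1000, expiry="2009-01-31"),
}

# Constructed sample taps: one honest card, one with rewritten balance and
# expiry, one UID seen at two stations a minute apart, one unknown UID.
SAMPLE_TAPS = [
    Tap("CARD-A", 500, "2008-12-31", "Park St", 1000),
    Tap("CARD-B", 2000, "2010-01-01", "Park St", 1010),
    Tap("CARD-A", 500, "2008-12-31", "Harvard", 1060),
    Tap("CARD-Z", 500, "2009-12-31", "Harvard", 1100),
]

MIN_TRAVEL_SECONDS = 600  # assumed shortest plausible time between two stations

def check_taps(taps, ledger, min_travel=MIN_TRAVEL_SECONDS):
    """Return (uid, reason) alerts for taps that disagree with the ledger
    or that imply the same card is in two places at once."""
    alerts = []
    last_seen = {}  # uid -> (gate, ts) of the previous tap
    for t in taps:
        entry = ledger.get(t.uid)
        if entry is None:
            alerts.append((t.uid, "unknown uid"))
            continue
        # The card is not trusted: its self-reported fields must match the ledger.
        if t.card_balance != entry.balance:
            alerts.append((t.uid, "balance mismatch"))
        if t.card_expiry != entry.expiry:
            alerts.append((t.uid, "expiry mismatch"))
        prev = last_seen.get(t.uid)
        if prev and prev[0] != t.gate and t.ts - prev[1] < min_travel:
            alerts.append((t.uid, "possible duplicate"))
        last_seen[t.uid] = (t.gate, t.ts)
    return alerts
```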