featured
partners

You are here:

  • Home
  • Nohl: NXP making ‘terrible decision’

Nohl: NXP making ‘terrible decision’

10 July, 2008

By: Zack Martin

category: Contactless, Corporate, Transit

Dutch semiconductor manufacturer NXP is making a mistake suing Radboud University Nijmegen in the Netherlands, says Karsten Nohl, a University of Virginia graduate student who worked with others to break the MIFARE cryptographic algorithm. “It’s a terrible decision, there is no legal case to be made,” Nohl says. “This was reverse engineered legally without any help from NXP.”

NXP has sued the university to block details of a security flaw in NXP’s MIFARE Classic contactless smart cards. The MIFARE Classic line of products is possibly the world’s most widely deployed contactless product, used for many transit and physical security applications.

The university had sent its research to NXP for review before publishing it, Nohl says. The university did this to inform NXP of the vulnerability in hopes that the chip manufacturer would remedy the situation and inform users that the systems are weak. In the future researchers might not be as kind and instead just publish the research without letting NXP review it first. While Nohl has just about completed his work on MIFARE, if he were to do any additional work he would probably publish it without pre-informing NXP.

Nohl is planning on releasing his research on MIFARE in August. He has been working with NXP and doesn’t think he will be sued. “I had been invited to meet with and discuss how to make their technology more secure,” he says.

Also, Nohl’s research is more theoretical while the university’s actually shows individuals how to crack the security of the chip, he says. “NXP has no problem with what we have,” he says. “The research isn’t about breaking the card but we describe the method of how the card is broken.”

The hearing to prevent the university from publishing its research was held in Dutch court today, but a decision isn’t expected until next week, Nohl says.

The MIFARE Classic line includes the MIFARE 1K, MIFARE 4K and MIFARE Mini products. They are used worldwide in transit fare collection systems, access control solutions, and government ID systems. Large issuers include transit projects such as London’s Oyster program, The Netherlands’ OV-chipkaart, and Boston’s Charlie Card.

For more information see our previous coverage here.


Related articles:

NXP sues to prevent hackers from releasing MIFARE flaws CR80News annual bank partner survey 2010 Despite economy campus banking partnerships grow

Tags: , , ,

recommend to friends

Close

Enter the site

Login

Password

Remember me

Forgot password?

Login
Skip to toolbar