Vulnerability Alert: Hardware Backdoor Discovered in RFID Access Cards Used in Hotels and Offices

 


Cybersecurity experts have revealed a significant hardware vulnerability—a backdoor—within specific models of MIFARE Classic contactless cards. This flaw could potentially enable unauthorized authentication using an unknown key, allowing access to hotel rooms and office doors.

The attacks were specifically demonstrated against the FM11RF08S variant, a recent model of MIFARE Classic released by Shanghai Fudan Microelectronics in 2020.

Philippe Teuwen, a researcher at Quarkslab, stated, "The FM11RF08S backdoor allows anyone with knowledge of this vulnerability to bypass all user-defined keys on these cards, even when they are fully diversified, simply by gaining access to the card for a few minutes."

Alarmingly, not only is the secret key prevalent among existing FM11RF08S cards; the investigation also revealed that "these attacks can be carried out almost instantaneously by an individual capable of executing a supply chain attack."

Adding to the urgency, a similar backdoor has been found in the earlier model, FM11RF08, which is secured with a different key. This vulnerability has been traced back to cards dating as far back as November 2007.

Moreover, an enhanced version of the attack could accelerate the key-cracking process by five to six times through a partial reverse engineering of the nonce generation mechanism.

"The backdoor [...] facilitates the quick cloning of RFID smart cards utilized for accessing office buildings and hotel rooms globally," the company noted in a press release.

While the vulnerability only requires a few minutes of close physical proximity to an affected card for an attack to be executed, an attacker capable of conducting a supply chain attack could implement these exploits immediately and on a large scale.

Consumers are urged to check whether they are affected, particularly considering that these cards are extensively used in hotels across the U.S., Europe, and India. Teuwen highlighted that this backdoor and its key "enable us to initiate new strategies to dump and clone these cards, regardless of whether their keys are accurately diversified."

This incident is not an isolated case; prior security flaws have been identified in hotel lock systems. In March, significant vulnerabilities were discovered in Dormakaba's Saflok electronic RFID locks, which could be exploited by malicious actors to counterfeit keycards and gain unauthorized access to secured areas.
