Hardware Backdoor Found in RFID Cards Used in Offices and Hotels All Over the World

A hardware backdoor that could allow unauthorized access to hotel rooms, office doors, and other secure areas has been found in a particular model of MIFARE Classic contactless cards by security researchers.

Shanghai Fudan Microelectronics released the FM11RF08S, the model in question, in 2020. According to Philippe Teuwen of Quarkslab, “The backdoor in the FM11RF08S allows anyone with knowledge of it to compromise all user-defined keys on these cards, even when fully diversified, simply by accessing the card for a few minutes.”

The secret key can be used to launch supply chain attacks in addition to being shared by all FM11RF08S cards currently in circulation, the researchers discovered. Furthermore, FM11RF08, a backdoor from the earlier generation, has been found to function similarly. Cards have been vulnerable to this flaw since November 2007.

Researchers created an optimized attack that can accelerate the key-cracking process by five to six times. This method entails partially disassembling the nonce generation process.

“The backdoor enables the immediate cloning of RFID smart cards used to open office doors and hotel rooms worldwide,” Quarkslab stated. Although physical proximity to the card is usually required for the attack, supply chain attacks have the potential to enable extensive exploitation.

Because MIFARE Classic cards are used in many hotels in the US, Europe, and India, consumers are encouraged to check if their cards are vulnerable.

Teuwen stressed that the backdoor “allows us to launch new attacks to dump and clone these cards, even if all their keys are properly diversified.” This information comes after security holes in Dormakaba’s Saflok electronic RFID locks were discovered earlier this year.