Cybersecurity researchers have discovered a hardware backdoor in a specific model of contactless MIFARE Classic cards that could enable authentication with an unknown key and thus open hotel room and office doors.
The attacks were demonstrated against FM11RF08S, a new variant of MIFARE Classic released in 2020 by Shanghai Fudan Microelectronics.
“The FM11RF08S backdoor allows any entity with knowledge of it to compromise all custom keys on these cards, even if they are fully diversified, by simply accessing the card for a few minutes,” said Quarkslab researcher Philippe Teuwen.
Not only is the secret key the same across existing FM11RF08S cards, the investigation also found that “the attacks could be carried out immediately by an entity capable of conducting a supply chain attack.”
To make matters worse, a similar backdoor was discovered in the previous generation, FM11RF08, protected with a different key. The backdoor was discovered in cards from November 2007.
An optimized version of the attack could speed up the key cracking process by five to six times by partially reverse-engineering the nonce generation mechanism.
“The backdoor (…) enables the instant cloning of RFID chip cards used to open office doors and hotel rooms around the world,” the company said in a statement.
“Although the backdoor requires only a few minutes of physical proximity to an affected card to conduct an attack, an attacker capable of conducting a supply chain attack could execute such attacks instantly and at scale.”
Consumers are urged to check whether they are vulnerable, especially given that these cards are widely used in hotels in the US, Europe and India.
The backdoor and its key “allow us to launch new attacks to dump and clone these cards, even if all of their keys are properly diversified,” Teuwen noted.
This is not the first time that security issues with hotel locking systems have come to light. Back in March this year, Dormakaba’s Saflok electronic RFID locks were found to have serious flaws that could be exploited by cybercriminals to forge key cards and open doors.
