Backdoor discovered in MIFARE classic compatible cards
Cybersecurity researchers have discovered critical vulnerabilities in the FM11RF08S, a new variant of the MIFARE Classic smart cards used in access control and public transportation. The FM11RF08S, produced by a Chinese manufacturer, was designed to resist known exploits with a static encrypted nonce as a countermeasure. However, Quarkslab researchers found that this chip contains a hardware backdoor that allows attackers to bypass security measures and gain access to user-defined keys, enabling them to clone or emulate the card. This vulnerability is exacerbated by the fact that the backdoor key is universal across all FM11RF08S chips. The research also found similar backdoors in older versions of MIFARE Classic-compatible chips, indicating a more widespread issue. This discovery highlights the need for organizations to reassess their security strategies and consider more secure alternatives. Quarkslab has contributed tools and methodologies to the Proxmark3 repository to help security professionals test and secure their systems against these vulnerabilities. [View Article](https://securityonline.info/backdoor-discovered-in-mifare-classic-compatible-cards/)