NXP statement on the publication by Radboud University Nijmegen 

NXP Semiconductors regrets that the Radboud University Nijmegen has revealed just yet details of the protocol and the algorithm of MIFARE Classic as well as some practical attacks on MIFARE Classic infrastructures to a broad public at the European Symposium on Research in Computer Security (ESORICS) in Malaga/Spain on Oct. 6th 2008.

NXP has an open dialogue with the University Nijmegen and other researchers on the security of MIFARE Classic and has taken the lead in communicating the effects of attacks and possible countermeasures to industry partners who need to know. Nevertheless, NXP would like to point out that a broad publication of detailed information to carry-out attacks with limited means is, at this moment in time, contradictory to the scientific goal of prevention and the responsible disclosure of sensitive information.

Security upgrades, whether still based on MIFARE Classic or migrating to a different card format, are complex system modifications which may involve a combination of hardware and software in the cards as well as in the infrastructure and back-end equipment. As these upgrades can – based on the particular system security requirements – take up to a number of years, it is not conceivable that all MIFARE Classic infrastructures have their security upgraded to the necessary level yet.

In the interest of our customers and to allow them a reasonable time for appropriate system security upgrades NXP had requested a delay of the presentation by seeking an injunction at court. On July 18th 2008 the court in Arnhem decided to allow the publication by the University Nijmegen.

As the manufacturer of MIFARE Classic chips it is NXP’s objective to transparently update all system integrators and operators of infrastructures which use MIFARE Classic in a timely manner, so that they can strengthen the end-to-end security of their systems.

NXP will continue working closely with its MIFARE Classic customers and partners and advises them to urgently take appropriate security measures to protect their systems. More details on how NXP Semiconductors is recommending to address this situation are posted on http://www.mifare.net/security/mifare_classic.asp.

 

2008-11-03
Renesas and NXP announce licensing agreement on MIFARE contactless technology
2008-10-30
NXP facilitates the use of MIFARE in mobile NFC devices
2008-10-06
NXP statement on the publication by Radboud University Nijmegen
more...

Nanjing moves to MIFARE DES...
The citizens of Nanjing, China are no strangers to contactless smart cards: they have been using them since 2001.
City fans support NFC
For football fans, the start of a new season brings new hope, new expectations and new anticipation.
ISIC card brings more benef...
Students in St Petersburg, Russia, can now use their International Student Identity Card (ISIC) on the city's public transport network.
The final whistle
The final whistle of the 2006 FIFA World Cup™ has been blown and Italy went home as champions. With millions of fans descending on Germany to sample the unique atmosphere, the tournament was a huge success.
Olympics spur China’s RFID ...
As host nation for the 2008 Olympic Games, China is busy modernizing many of its infrastructure systems. As part of these developments, Beijing saw the full commercial roll-out of RFID ticketing for its transport network.
more...

Uhlmann & Zacher GmbH
Country: (Germany)
SYNCHRON-S Ltd.
Country: (Bulgaria)
SPECTRA SMART SOLUTIONS Pvt.LTD ( formerly SPECTRA SYSTEMS )
Country: (India)
TETA A.S.
Country: (Turkey)
ACTAtek Technology Inc.
Country: (Canada)
Now 801 partners in database
more news
back to top
Copyright © 2002-2008 NXP Semiconductors Austria GmbH Styria, All rights reserved
Privacy Policy | Terms of Use | Contact