Security Statement on Crypto1 Implementations
Date: October 12th, 2015
Dear customers and end users,
today a new attack vector on the Crypto1 algorithm was published. In order to properly react on this incident NXP Semiconductors would like to address the known facts in this security statement:
In late December 2014, we were notified according to responsible disclosure principles by the digital security group from Radboud University Nijmegen, the Netherlands about a new card-only attack on the Crypto1 algorithm. Where, by knowing one key on a card as pre-condition, all other keys can be derived. Products affected are:
- MIFARE Classic®,
- MIFARE Plus® in Security Level1 only,
- data being encrypted with Crypto1 on emulations,
- licensed products to third parties and
- counterfeit products using the Crypto1 algorithm.
NXP believes the counter-measures present in products using Crypto1 can only be partially effective if all keys in a card are diversified. The costs involved to change existing systems to fully diversified keys will likely mean that this countermeasure will not be extensively deployed.
NXP therefore is recommending that existing MIFARE Classic® systems are upgraded to NXP products with Common Criteria Certification, using latest security features like MIFARE Plus® or MIFARE® DESFire®. With MIFARE Plus® a gradual upgrade approach is available, with solutions already deployed in many mega-cities worldwide.
Furthermore, NXP does not recommend to design in MIFARE® Classic in any security relevant application. During the last months NXP worked closely together with system integrators to offer our latest high security product families in their solutions. If you would like further information on how NXP and our partners can support your migration to the latest products please don’t hesitate to contact me.
Product Marketing Manager MIFARE Classic® & MIFARE Plus®