Forum › MIFARE general topics and applications › old reader with new desfire cards › Reply To: old reader with new desfire cards
Hi Andreas,
It seems that you use MIFARE Classic cards. But identifying a user only with the UID is a security flaw! The UID can be copied very easily and a simple tag can be used to modify the UID to a certain user’s UID.
Let me explain it with a picture. You have a passport with a picture and a lot of other security features. But for the decision if a person can come in, you do not open the passport and compare the picture, you only read the passport number printed on the cover side. If the printed number is one of the expected, it is passed.
You wrote, your “IT-Service Center” prepare the cards, so it should also save the Student ID in a block and set the access to read-only (and make the write access impossible). This always works, regardless if it is a 4-byte-UID card or a 7-byte-UID card.
The TapLinx team
It seems that you use MIFARE Classic cards. But identifying a user only with the UID is a security flaw! The UID can be copied very easily and a simple tag can be used to modify the UID to a certain user’s UID.
Let me explain it with a picture. You have a passport with a picture and a lot of other security features. But for the decision if a person can come in, you do not open the passport and compare the picture, you only read the passport number printed on the cover side. If the printed number is one of the expected, it is passed.
You wrote, your “IT-Service Center” prepare the cards, so it should also save the Student ID in a block and set the access to read-only (and make the write access impossible). This always works, regardless if it is a 4-byte-UID card or a 7-byte-UID card.
The TapLinx team
+ 0
|
- 0