Dutch Public Transit Card Broken
RFID replay attack allows free travel in The Netherlands
If all goes well, the Dutch public transit system will soon use special plastic tickets with an
embedded RFID chip to allow passengers to use all the train, subways, trams, and
buses throughout the entire country without having to buy individual tickets.
The are two kinds of tickets, the "normal" one, which Dutch residents will
use, and a single-use ticket, mostly aimed at tourists. With the normal one,
people can load money onto the RFID chip on the ticket in advance. Whenever
they enter a train, tram, subway, or bus, they place the card near an RFID reader
at the entrance, which records on the card where they began their journey. When they leave
the system, they hold the card near another reader, which is connected to a
computer that determines the cost of the journey and debits the amount
of money stored on the card. Optionally, passengers can also provide the transit authorities with
their bank account number so that when the amount of money on the card
dips below a certain threshold, it is automatically reloaded. In this way the
person can travel any where in the country without ever having to stand in line to buy a
The single-use ticket can be purchased from vending machines and is anonymous
and good for a single ride. The cost per kilometer is higher than for the normal
ticket and no discount is available for senior citizens.
The normal card uses the Mifare Classic chip, which uses cryptography to
protect the money stored on it. The single-use card uses the Mifare Ultralite,
which does not use cryptography. Recently, students and hackers have
launched successful attacks on both of these cards.
The first reported attack was designed by two students at the University of Amsterdam,
Pieter Siekerman and Maurits van der Schee. They analyzed the single-use ticket and
showed its vulnerabilites in a
They also showed how a used single-use card could be given eternal life by
resetting it to its original "unused" state. For this work they won the
Joop Bautz award.
The next attack was on the Mifare Classic chip, used on the normal ticket.
Two German hackers, Karsten Nohl and Henryk Plotz,
were able to remove the coating on the Mifare chip and photograph the internal circuitry.
By studying the circuitry, they were able to deduce the secret cryptographic algorithm used
by the chip. While this alone does not break the chip, it certainly gives future hackers a stepping stone
on which to stand.
On Jan. 8, 2008, they released a statement
abut their work.
The idea of keeping the design of a security system secret is known in the trade as
"security by obscurity".
Long experience has shown it almost never works because the secret invariably leaks out and then the
security is gone. All serious security professionals now believe in
the idea that the design of all security systems should be fully public, with all the security residing
in a secret key. This idea was first published by Dutch military cryptographer Auguste Kerckhoffs in 1883.
If the Mifare Classic card is soon broken, it will be due to the designers failure to adhere to Kerckhoffs Principle.
The third attack on the Dutch transit ticket was again on the single-use Mifare Ultralite card. It done by
Roel Verdult, an MSc. student from the Raboud University of Nijmegen. Roel built
an RFID tag emulator to perform a successful practical relay attack on the
Ultralite card. He gained instant national publicity when he successfully demonstrated his attack on a national
television station Jan. 14, 2008.
Roel's homemade tag emulator was modeled after Kfir and Wool's
"ghost and leech," to perform a simple relay attack. However, anyone can
perform the same attack using Melanie Rieback's RFID Guardian, whose open-source HW/SW design is freely available at
Given that the government has invested about $2 billion in ths new system,
the country was instantly in an uproar and a huge amount of media attention followed.
It has been on the front page of every newspaper in the country all week, in one case
under a front-page headline "OV-shitkaart" (OV is the abbreviation for Public Transit and kaart
means card; the rest is not easily translatable).
The company that
designed the system for the government, Trans Link System, initially pooh poohed the three attacks but has
since come to realize that they may have a problem.
They have also issued several press releases which can be found
Researchers from RU and VU testified before the Parliament 16-17 Jan. 2008. The photo on the right below
shows Flavio Garcia (RU), Roel Verdult (RU), Ruben Muijrers (RU), Melanie Rieback (VU) standing. In front of
them are Wouter Teepe (RU) and Rop Gonggrijp.
During the Parliamentary debate, a member of Parliament from the GroenLinks party, Wijnand Duyvendak, said (translated into English):
"The debate about the OV-Chipcard is symbolic, as we discovered
yesterday at the hearing, for the choice: open or closed software.
The bankruptcy of closed source software shone solidly in the limelight
yesterday. GroenLinks [a Dutch political party] has urged for a long
time that the government should work with open-source software.
Yesterday it became painfully obvious that we may pay a high price due to
the fact that this advice was not followed for the OV Chipcard. It seems
like the responsibility for the risks surrounding the use of closed
secret software has not been accepted in any fashion."
An English-language description of Roel's attack is available here.
An official press release describing the meeting between security experts from Radboud Universiteit and Vrije Universiteit
and people from Trans Link Systems is available in
The researchers also released their own statement in
In March 2008, researchers from the Raboud Universiteit of Nijmegen
reimplemented Karsten Nohl and Hendryk Plotz's brute force attack against
MIFARE Crypto-1 using cryptographic rather than hardware-based means.
They released a press release
and a proof-of-concept video
demonstrating the cloning of access passes from their university.
Other links can be found below. Many are in Dutch but Google has a
translation service that may help.
Radio and Television broadcasts
Online news outlets
Blogs and Miscellaneous
If you have more links, please let me know.
-- Andy Tanenbaum