
Hidden Vulnerability in FM11RF08S Cards

A recent discovery in the cybersecurity field has revealed a hidden backdoor in certain MIFARE Classic contactless cards, specifically within a model known as FM11RF08S. This backdoor could allow unauthorized access, making it possible to bypass authentication and unlock hotel rooms and office doors using an unknown key.

The FM11RF08S cards, released by Shanghai Fudan Microelectronics in 2020, are the latest variation of MIFARE Classic cards. According to Philippe Teuwen, a researcher at Quarkslab, “The backdoor in these cards can compromise all user-defined keys, even if they are fully diversified, by simply accessing the card for a few minutes.”

Supply Chain Attacks and Potential Impact

The investigation suggests that this vulnerability could be exploited quickly and easily by those capable of conducting a supply chain attack. This is particularly concerning since the secret key is shared across all FM11RF08S cards currently in use.

Adding to the complexity, a similar backdoor has been identified in the previous generation of these cards, the FM11RF08, which dates back to November 2007. Although this older backdoor uses a different key, it poses a similar risk.

Researchers believe that partially reverse engineering the nonce generation process could significantly reduce the time required to crack a key, potentially making the attack five to six times faster.

Immediate Risks and Broader Implications

This backdoor poses a serious threat, as it allows for the instant cloning of RFID smart cards commonly used for securing office doors and hotel rooms globally. While the attack requires just a few minutes of physical access to the card, an attacker with the ability to carry out a supply chain attack could exploit this vulnerability on a large scale.

Given the widespread use of these cards in hotels across the U.S., Europe, and India, it is crucial for consumers to check whether their cards are vulnerable to this security flaw.

Teuwen noted that the backdoor and its key “enable us to launch new attacks to extract and clone these cards, even if all keys are correctly diversified.”

A Recurring Security Challenge

This is not the first time that security issues have been found in hotel locking systems. Earlier in March, researchers discovered significant flaws in Dormakaba’s Saflok electronic RFID locks, which could be used by attackers to create counterfeit keycards and unlock doors.

As these vulnerabilities continue to emerge, it’s clear that more robust security measures are needed to protect against such threats in the future.


About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.
