I've been involved with carding for 10+ years and issues with MIFARE Classic cards have been around and known for at least that long. Anyone in the carding industry will (should at the very least) tell you not to use them and move on to DESFire or some other newer safer chips. The introduction even says as much "By 2024, we all know MIFARE Classic is badly broken." If you're still deploying MIFARE Classic cards you reap what you sow.
Yup… the vending machines at my university used to use mifare classic tokens with credit on such tokens… in like 2014 i was a student and ran out of money in the middle of july and barely had the money to buy a train ticket to go home for vacation… but thanks to mommy mifare i managed to survive on sandwiches from said vending machines for like two weeks.
My university had something similar, but with ID numbers correlated to each person in a database that recorded how many credits they had left.
Tapping the vending machine with your card sends the ID in plaintext over the wire to the upstream server, which responds in plaintext for the machine to either accept or reject the transaction.
Tomfoolery may or may not have been performed by a bunch of bored, hungry college students at 1AM one night...
The main point from that is that you should never do a system with stored value on a smart card. The vendors will show you various methods for that, but well it is 2024, just do that online (and the card is just an ID, which optionally can produce ECC signature of some challenge).
No, stored value is a good solution if you want the system to function without online connection. You should still collect all transactions centrally where inconsistencies can be exposed. If that were been implemented GP would have been looking at a fraud charge.
having a pos in places without a reliable internet connection is enough of a reason for stored value cards to be a thing. Some things shouldn't require the mothership to be alive and reachable to work.
You don't need the system to be invulnerable to fraud, you just need to be able to detect it. Offline stored value cards plus separately shipping transactions to a central system with eventual consistency can give you that. The vending machine in question probably isn't invulnerable to physical break in either.
Nice idea in theory, except that now you have a system that immediately and catastrophically breaks if there is ever a backend outage (due to, say, a cyberattack or incompetent software trying to prevent one) or your reader loses network connectivity.
> you should never do a system with stored value on a smart card
...if you can afford to ignore the disadvantages of not doing it. Quite often, you think you can, until you can't.
MIFARE Classic are cheap and reliable, only their encryption is broken. One can use them as simple storage and encrypt/authenticate data by different means. Nothing wrong with that. I did that, ECC signatures are small enough to fit in 2K/4K cards.
A signature fits but what good does it do you? The cards can't sign a challenge, and so someone with access to a valid card can just clone it. (or access to a card and reader, in the case encryption is used)
RFIDs are rarely certified as possession factors, you need an EMV card for that. TPM chips may protect readers. Depends on reader/card ratio, if it's feasible.
Clones/double use/double spend must be caught on reader/server anyway. One can pass a card to another person, and you do not want two people to enter building with the same card.
I implemented double spend protection by introducing a simple operation counter. If the sequence of operation IDs is not continuous, card is blocked. Clones were added to block list within minutes. It was good enough for the use case. Again, MiFARE is very cheap, so tradeoffs are expected.
MIFARE Cards are not RFID cards, and similar systems can absolutely be used as possession factors.
There are also many other authentication-capable cards other than EMV (which is optimized for payments, not really general-purpose authentication) such as various building access cards, national ID cards, ICAO biometric passports etc.
> I implemented double spend protection by introducing a simple operation counter. If the sequence of operation IDs is not continuous, card is blocked. Clones were added to block list within minutes. It was good enough for the use case.
Using that scheme, you could just as well use regular old barcodes, no? Makes for much cheaper readers and even wider compatibility.
> Again, MiFARE is very cheap, so tradeoffs are expected.
There are equally-cheap but secure options that actually prevent cloning or even implement the "electronic purse" use case in a fully offline way.
Usually, MIFARE Classic is only used because there's a huge installed base of readers and/or cards (and/or attached backend software).
Yes, and more generally I've been baffled by the fact that manufacturers - including ARM-based SoCs with SecureBoot (or similar); you know, those PDF spec docuements that disable copy-paste and a nice "confidential" watermark - put their cyber-security stuff under NDA. As if it security-by-obscurity was still a thing.
Oyster has been using MIFARE DESfire, and stopped using MIFARE Classic, for over a decade now.
They're stopping it for completely unrelated reasons (primarily convenience – people don't like having to buy and top up a card – and not having to maintain a vending machine and top-up infrastructure).
