Comment by lxgr
2 years ago
At this point, MIFARE Classic can pretty much be considered plaintext.
There are very fast card-only cloning attacks against even the newest "hardened" cards, and in many of these lock systems (no idea about Saflok in particular though), MIFARE is the only layer of cryptography, and the card only contains a bitmask of locks/doors that it should be able to open.
>There are very fast card-only cloning attacks against even the newest "hardened" cards
Do you mean for MIFARE Classic or for all RFID cards? I was not aware of any cloning attacks for types such as HID Seos.
I have an original London Underground Oyster Card which still works fine! It's MIFARE Classic according to Wikipedia, and I do often wonder when TfL will cancel them.
They'll probably keep it around either indefinitely, or will replace it with a fully account-based scheme where there's nothing stored on the card itself (i.e. no stored-value balance) other than an authentication key for the card number.
That's the model they already use for bank (credit and debit) cards too, so they need the backend to manage a deferred account-based system anyway. That's also what the MTA in New York does: They've never supported stored-value cards, and their new physical OMNY cards are effectively just a weird type of closed-loop EMV payment card.