I’m in the wrong country this week!

December 30, 2010

I missed this:  https://events.ccc.de/congress/2010/Fahrplan/events/4114.en.html

Remember where I said here: “HID’s iClass hasn’t been broken to my knowledge, and is the best bet to transition from their legacy systems”? That’s not quite true anymore. Standard Security Mode in iClass has been broken. Quoting Milosch Meriac’s paper “Heart of Darkness — Exploring the uncharted backwaters of HID iClass security”:

Standard Security Mode is dead. Switch immediately to High Security by asking your local HID vendor for programming cards that will upgrade your Standard Security system to High Security and rotate your existing cards to the new keys at a trusted location only. Make sure that your vendor tells you the new High Security key.

That guy did some cool hacking to get the standard security keys.  Additionally, HID screwed up big-time in their implementation.

As a side note, I couldn’t join in the laughter here: https://events.ccc.de/congress/2010/Fahrplan/events/4036.en.html.  Someone should have read the Wikipedia page on MIFARE before they made their payment system.  The talk explains why.

  1. Actually, high security mode does not eliminate the vulnerability that exists that exploits the master key. The report does an EXCELLENT job at uncovering what few have known from their experiments (just not made them public). However, if he had looked deeper at high security mode, he would find that it is not too much more secure either. Unfortunately, if someone wants a card system that cannot be cloned and wants master keys to remain unknown, they need to get off iClass entirely, or HID needs to change the product drastically which will result in a rip and replace for current customers. At that point, it just makes sense to go with a PIV card with EV1, Mifare emulation from the secure element, or using PKI in the chip. Bottom line is that iClass, being 10 years old now, along with proprietary algorithms, is legacy and it is time to move…

