Customers Warned To Upgrade Smart-Card Chips
Date : 22 Jul 2008 Category : Technology
NewsFactor NetworkA spokesman for NXP Semiconductors said the compromised code of the smart cards may require "complex system modifications" of hardware, software and infrastructure, and could take years for customers to secure their systems.
A district court in Arnhem on Friday rejected NXP's request to block a research group from Radboud University Nijmegen from publishing the algorithm of the Mifare Classic chip that the scientists had decoded.
The research group, headed by Bart Jacobs, said it told NXP in March it would release its findings at a Spanish conference in October 2008, giving the chip-maker six months to react. NXP said publication of the algorithm would be irresponsible.
"Damage to NXP does not result from the publication of this article but from the production and marketing of a defective chip, which is NXP's responsibility," the court said.
NXP spokesman Pieter van Nuenen said the Mifare Classic is one of several chips the company makes and is about 10 years old, making it "not the most modern and secure one."
The Mifare Classic is used in over 1 billion cards, roughly 70 percent of "contactless" smart cards worldwide, NXP says on its Web site. It said the London subway and bus system invested 200 million pounds (US$400 million) in a system based on the chip.
Van Nuenen said it was "very unlikely" the company will appeal.
A company statement urged customers to take "the appropriate measures to upgrade the security" of their systems, whether by switching to a higher level security chip or to another system altogether.
"Different installations have different security requirements," it said, and it was impossible to protect all users before the scheduled publication...