Hacking locking systems: Easy game via air interface

In mechatronic wireless locking systems, sensitive information is exchanged via a wireless interface, which can be eavesdropped on by
depending on the technology, can be spied out from a hundred meters, for example. In the case of some extremely insecure access control systems
a simple replay of an intercepted radio code is enough to open doors without authorization. This creates attack scenarios such as the unnoticed creation of duplicate keys from a distance without requiring physical access to the original key.

Another security risk is the so-called relay attack. In this case, two attackers collaborate by one tapping the radio data of the electronic lock of the door to be opened and the other establishing a connection at a distance of several hundred meters to the token located, for example, in the trouser pocket of the victim. Via a separate radio channel, the data is forwarded in real time from the door lock to the token and vice versa, so that the door lock can be opened without authorization using the remote token. This is how many luxury vehicles can be stolen these days.

As the most efficient countermeasure against relay attacks, we recommend giving preference to tokens that require a defined user interaction to open the door, such as pressing a button on the handheld transmitter. The token is thus not permanently active and can be
therefore generally cannot be read remotely without being noticed. Users of other ID media, such as contactless cards or smart keys, where the mere presence of the token is sufficient to gain access to a secured object, are recommended to use traditional protection methods, such as wrapping the token in household aluminum foil - despite the
associated restrictions on comfort.

Caution is also advised with (NFC) smartphones: They offer a particularly large attack surface because they are equipped with a wide variety of interfaces and a complex operating system (with corresponding potential security gaps and entry points for attackers). An infestation with malware is possible and could give unauthorized persons complete control over the smartphone (and the built-in mechanisms for access control).

Electronic access systems that do not require the laying of cables and can reprogram the individual mechatronic locking cylinders via a radio interface offer particularly great convenience. This makes it possible, for example, to make improvements to the firmware in the locking cylinder during operation. But beware: At the same time, this function also entails high risks - therefore
special attention must be paid to the secure design and implementation of a cryptographically secured firmware update. Otherwise, one runs the risk of revealing the proprietary program code to an attacker (IP protection), or opens up new possibilities for manipulation,
for example, unauthorized assignment of locking authorizations. Some manufacturers of electronic locking systems even make parts of their firmware available unprotected on their website for the purpose of updating - a very critical practice.

Mostly not used: unbreakable cryptography

To protect against attacks, tokens and locking cylinders require reliable encryption methods, especially when using wireless communication or radio. Today, powerful chips are used for this purpose even in the smallest embedded devices, such as tokens for opening doors. In a fraction of a second, they calculate highly secure cryptographic procedures, such as 3DES or AES, which was standardized in 2001, in order to encrypt data into a ciphertext. With these processes, the associated plaintext can only be
can be recomputed with knowledge of the secret cryptographic key used for encryption. Guessing the correct
key is not possible because of the unimaginably high number of possibilities. For comparison: 112 bits in 3DES and 128 bits in AES result in 2112 and 2128 possibilities, respectively, and the number of atoms on Earth corresponds to about 2170. Furthermore, these modern encryption methods are resistant to all known forms of cryptanalysis (the mathematical "cracking" of encryption).
resistant: no researcher in the world has yet been able to find an attack that would compromise the security of the above-mentioned methods, which have been in the public domain for many years. Another class of secure algorithms, such as RSA and ECC, allows the use of two different cryptographic
keys ("key pair"), namely one to ENCODE and one to DISCODE the information. This has the advantage that only the latter has to be kept secret, while the former can be distributed to anyone. When used correctly, for example using truly randomly generated cryptographic keys, modern cryptography thus provides secure methods and tools to
theoretically unbreakable mechatronic locking systems that are clearly superior to any purely mechanical system in terms of convenience and security. So much for the theory. In practice, however, there are unfortunately still a large number of cryptographically weak and thus insecure locking systems on the market.

Often more insecure than a mechanical system 

In practice, for example, our security analyses over the past few years have shown significant shortcomings in many commercial solutions for mechatronic door opening, allowing unauthorized access in a simple manner. Often, outdated or proprietary procedures are used for encryption and verification of access authorization, which can be easily levered out. Obvious security weaknesses in various implementations of electronic locking systems leave the impression of cluelessness
in terms of cryptography and the properties of the technologies used. The corresponding attacks often imply a lowering of the
level of protection below that of a mechanical system.

Duplicate key via card emulator 

A classic, widespread example is Mifare Classic-based systems, which do not even use the proprietary encryption (Crypto1) built into the cards, but simply evaluate a unique and unchangeable number (the so-called UID) applied by the manufacturer. The assumption that no other card with an identical UID is available from the manufacturer is correct. However, there are other ways to replay the UID of a card, for example, by using the "Chameleon":
The card emulator can completely imitate any contactless cards as a do-it-yourself project with component costs of approx. 20 Euro - currently supported are the ISO-14443 cards MifareUltralight, Classic, DESfire and DESfire EV1 as well as some ISO-15693 cards. In addition, the following are supported
Mifare Classic compatible contactless cards manufactured by a third-party manufacturer are available, where the UID can be changed at will by the user. An attacker can thus obtain the UID and thus the locking authorization of the eavesdropped card by reading the communication with a door cylinder from a distance of several meters, or read the UID of a foreign card directly with a reader from a distance of up to 30 cm (duration of the readout process approx. 20 milliseconds). Subsequently, for example, a card programmed with the intercepted UID serves as a
Chameleon as a duplicate key. Compared to the unauthorized bypassing of a purely mechanical system, the attacker has an easy game here via air interface.

Although the Crypto1 cipher of the Mifare Classic cards has proved to be very weak since the reverse engineering in 2007, it would still be possible to achieve at least a level of protection roughly equivalent to that of a mechanical locking system if the security functions built into the card were used correctly. An important prerequisite here would be that each card in the system has individual cryptographic keys, so that each card must be attacked individually in order to obtain its contents, i.e., the locking authorization. In real implementations using Crypto1, identical cryptographic keys (often even the "default" values set by the chip manufacturer and therefore known to the attacker) are then found in all cards of a locking system. This widespread misuse of cryptography ("no variation of cryptographic keys") again reduces security enormously, since after one-time extraction of a card's cryptographic keys, free access to any card in the system (and the associated radio communication) is given.

All so-called fixed-code systems whose radio interface does not require cryptography (e.g., purely UID-based solutions with Mifare Classic cards, use of Mifare Ultralight cards, various active handheld transmitters on 433/868 MHz and fixed-code transponders in the 125 kHz range, such as HID ProxCard) are significantly inferior to a classic mechanical locking system in terms of security and, in the opinion of
of the authors is completely unsuitable for secure access control. Likewise, the security functions should under no circumstances be based on proprietary or known weak encryption methods, but should be based exclusively on publicly evaluated methods that can be regarded as secure.

Attacks on the manufacturer key 

Another typical mistake in deriving cryptographic secrets was made, for example, in the case of Microchips "KeeLoq" wireless door openers. The active handheld transmitters generate a new, so-called roll code each time a button is pressed, based on the
proprietary KeeLoq encryption and can be checked for correctness and up-to-dateness at the receiving station after decryption. Each handheld transmitter has a serial number and individual cryptographic keys for this purpose. However, the latter are
calculated with a manufacturer key assigned per manufacturer, which is located in each receiver of the respective manufacturer. In our security analysis, we were able to show that an attacker can extract this manufacturer key using so-called side-channel analysis from just a single current measurement from a receiver. With knowledge of the manufacturer's key, the cryptographic keys of any of the manufacturer's handheld transmitters can now be easily calculated (in technical jargon, a "single point-of-failure"), which is tantamount to a total failure of the KeeLoq system's security: After recording a single opening (rolling) code from up to about 100 meters, the overheard
handheld transmitter can be duplicated. The attacker thus generates a duplicate key via the radio interface that can be used repeatedly and possibly unnoticed for unauthorized door opening.

In another security analysis of Mifare-DESfire-MF3ICD40 cards from NXP, we were able to successfully show that side-channel attacks enable extraction of the cryptographic keys they contain by measuring the electromagnetic radiation of the cards. However, the attacks are significantly more elaborate than in the case of KeeLoq: Specifically, about 250,000 measurements are needed to obtain a secret 112-bit key (duration of key extraction about seven hours). The key that was put on the market after our security check is the
Successor product Mifare DESfire EV1 contains corresponding protective measures that effectively prevent our side-channel attacks, DESfire EV1 is considered secure or non-attackable to date.

Conclusion 

The typical users of modern mechatronic locking systems (and in some cases even the manufacturers) are usually unaware of the weak points described here: users can normally hardly grasp the exact (invisible) mode of operation, let alone the
They have to rely on the often sparse information provided by the manufacturers ("17 trillion different codes," "highly secure process") and often use unsuspectingly outdated, insecure technology. This is where the authors come in to provide more transparency on the security market.