Myki gets upgrade as vulnerability emerges

The Victorian Transport Ticketing Authority (TTA) is transitioning to newer myki smart cards following the discontinuation of the current version and the revelation that the cards are vulnerable to modification.

(Timetable TripUp image by MrPbps, CC2.0)

This week, a group of German researchers released a paper describing how the Mifare DESFire MF3ICD40 cards that are used in the myki ticketing system could be cloned, and the information stored on them accessed and/or modified, potentially allowing for account balances to be faked.

The cards are susceptible to a form of differential power analysis (DPA), where attackers observe the power consumption or electromagnetic radiation emitted by the cards and by analysing variances during cryptographic processes, which can extract stored information, such as its secret keys. As the attack itself is non-invasive and won't damage the cards, it is very difficult to determine whether an attack has taken place.

NXP, a subsidiary of Panasonic that makes the cards, said in a statement that it was aware of the vulnerability. The company stated that the card would be discontinued at the end of this year, and customers should upgrade to its DESFire EV1 series, which aren't vulnerable to the attack.

Stephen Wilson, managing director of digital identity research company Lockstep, said the vulnerability would have been an easy fix during the design phase.

"This type of side channel attack has been known for over a decade. It is easily circumvented in the silicon, although at a cost of several tens of cents. For a transit smart card, operators are keen to save cents per card, so until an attack like this is proven, DPA protection and other advanced security measures are often left out on economic grounds," he said.

Although this could have been a cost-cutting method, the TTA appears to have avoided cutting corners with respect to card security. There are four security measures that can be installed for the cards relating to key diversification, fraud detection, card blocking and card information binding. The TTA elected to include all four, pointing the issue further up the chain to the manufacturer.

Despite the cards being theoretically vulnerable, however, there isn't a need to replace the cards as a matter of urgency. NXP stated that even if the lab equipment required to pull off the vulnerability is obtained, it could still take hours to days for the analysis of a card to be completed.

"End consumers will hardly be affected: the theft of a wallet can pose a greater threat to personal belongings than the attack on a public transport card, which also needs to be stolen in order to be successfully attacked," the company said.

Wilson agreed.

"For a transit smart card, even a yearly pass worth hundreds of dollars, you would question the criminal return on investment of spending $3000 on equipment to clone one card," he said.

TTA CEO Bernie Carolan was also quick to point out the limited extent to what could be gleaned from the cards.

"No personal information is stored on a myki card. Only the card balance and the past 10 transactions are held on the card. If one of the 10 previous transactions was a top up, no banking details are recorded on the myki card, just the amount added."

Additionally, those that had access to the right equipment and sought to artificially inflate their card balance would see limited returns. NXP stated that the ability for operators such as TTA to blacklist cards will make it hard to pull off cloning or modifying cards for commercial purposes.

The TTA said it did not have any plans to recall any of its 1.1 million cards that are currently in the wild and believed that myki customers needn't worry about the security of their cards.

Nevertheless, it is taking action to change them.

"The TTA, through its contractor Kamco, has already begun developing a migration strategy to a newer version of [card], the Mifare DESFire EV1," Carolan said.