Hacking with a Microscope

Via Bruce Schneier and Cory Doctorow, it appears that smart card used on the London Underground has been cracked by a team of researchers. The most interesting thing to me though, is how they did it (emphasis mine):

The research team was able to obtain the card’s proprietary encryption scheme by physically dissecting its chip and examining it under a microscope. They then photographed various levels of its circuitry and used optical recognition software to produce a 3D representation of the entire chip. By examining the logic gates in great detail, they were able to deduce the proprietary algorithm, which NXP dubs Crypto1.

It seems incredible to me that by looking at the physical gates on the the chip, they were able to figure out the method of encryption used by the card maker. The fact that they used a proprietary encryption algorithm is the issue here, as it has an easily discoverable weakness. If they had used something proven and off the shelf, such as AES or Twofish, knowing the algorithm would be useless, as they have been publicly vetted and challenged over a number of years.

Moral of the story: Don’t build when you can borrow.

Leave a Reply

Your email address will not be published. Required fields are marked *