I just got an awesome Galaxy Note 2 to do some development on, and to my extreme delight, I found it has NFC capabilities. For those who haven’t heard of NFC, it’s an extension of RFID technologies, which allows for wireless data transfer over a 10cm range. Obviously, I had some good fun scanning different things to see what was read, and eventually, my focus turned to my MyWay card.
I was intrigued. Seeing that NFC capabilities in handsets are to become the norm, I was curious to see how secure the cards were. If I could possibly top my card up without having actually paid, or get the details of someone else’s card, it would defeat the purpose of a $65 million system. The MyWay card uses the MiFare Classic 1k standard, which has 16 sectors of 64 bytes. After doing some digging, I found that each sector is encrypted using two 48-bit keys, and the last sector contains these keys and a configuration file (which specifies which blocks are read-only/write).
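The layout described above can be checked from the issuer's side. The following is an added example, not code from the original post: it assumes the standard MIFARE Classic 1K layout (four 16-byte blocks per sector, with the fourth block of each sector holding key A, the access bytes and key B), decodes each sector's access bits, and flags sectors left in the factory transport configuration or with inconsistent access bits. The card image, keys and function names are constructed for illustration.

```python
BLOCK, BLOCKS_PER_SECTOR, SECTORS = 16, 4, 16    # 16 sectors x 64 bytes = 1 KiB
TRANSPORT_KEY = bytes.fromhex("FFFFFFFFFFFF")     # factory default key
TRANSPORT_ACCESS = bytes.fromhex("FF0780")        # factory default access bytes

def decode_access(acc: bytes):
    """Return [(C1, C2, C3)] for blocks 0..3, or None if the inverted copies disagree."""
    c1_inv, c2_inv = acc[0] & 0x0F, acc[0] >> 4
    c3_inv, c1 = acc[1] & 0x0F, acc[1] >> 4
    c2, c3 = acc[2] & 0x0F, acc[2] >> 4
    if (c1 ^ c1_inv, c2 ^ c2_inv, c3 ^ c3_inv) != (0xF, 0xF, 0xF):
        return None                               # format violation in the access bytes
    return [((c1 >> b) & 1, (c2 >> b) & 1, (c3 >> b) & 1) for b in range(4)]

def parse_trailer(trailer: bytes) -> dict:
    """Split a 16-byte sector trailer: key A | 3 access bytes | user byte | key B."""
    if len(trailer) != BLOCK:
        raise ValueError("sector trailer must be 16 bytes")
    return {"key_a": trailer[0:6], "access": decode_access(trailer[6:9]),
            "user_byte": trailer[9], "key_b": trailer[10:16],
            "transport": trailer[0:6] == TRANSPORT_KEY and trailer[6:9] == TRANSPORT_ACCESS}

def audit_dump(dump: bytes) -> dict:
    """Map sector number -> finding for every sector that needs attention."""
    if len(dump) != SECTORS * BLOCKS_PER_SECTOR * BLOCK:
        raise ValueError("expected a 1024-byte MIFARE Classic 1K image")
    findings = {}
    for s in range(SECTORS):
        start = s * BLOCKS_PER_SECTOR * BLOCK
        t = parse_trailer(dump[start + 3 * BLOCK:start + 4 * BLOCK])
        if t["access"] is None:
            findings[s] = "access bits fail integrity check"
        elif t["transport"]:
            findings[s] = "factory transport configuration"
    return findings

def build_sample() -> bytes:
    """Constructed image: sector 1 personalised, sector 2 corrupt, the rest factory."""
    def sector(key_a, acc, key_b):
        return bytes(3 * BLOCK) + bytes.fromhex(key_a + acc + "69" + key_b)
    image = [sector("FFFFFFFFFFFF", "FF0780", "FFFFFFFFFFFF")] * SECTORS
    image[1] = sector("112233445566", "787788", "AABBCCDDEEFF")  # constructed keys
    image[2] = sector("112233445566", "FF0781", "AABBCCDDEEFF")  # bad inverted copy
    return b"".join(image)

if __name__ == "__main__":
    for sector_no, finding in sorted(audit_dump(build_sample()).items()):
        print(f"sector {sector_no:2d}: {finding}")
```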
At this point I was stuck. If the keys were somehow obtained, it would be a simple matter of seeing which block contains the information regarding the balance, and editing the value, or copying the values onto the phone to spoof someone else’s phone. On the flip side, the legitimate advantage for all of this is to use your phone as your MyWay card, as opposed to the actual card itself. It would also allow for instant top ups (no more fumbling for change when you realise you forgot to top up your card!)
It was an interesting exercise, and I’d love to hear you guys’ thoughts/insights!
UPDATE: This in from the Imagine Team:
We’ve had a think about our last blog post and taken a fresh look at how it could be misinterpreted.
We didn’t intend to give the impression that we were maliciously going after the security of the MyWay system. Nothing of the sort, this was an exploration of what MyWay is and how it works: nothing was hacked or similar, nor are we encouraging it. On that note, the title “MyWay Card Hacking” was a reference to technical exploration, not the criminal connotation of the term.
We’d be really keen to see ACTION/MyWay adopt the positive possibilities of incorporating MyWay into phones with NFC.