NXP statement on the court decision to allow the publication by Radboud Unive
NXP statement on the court decision to allow the publication by RadboudUniversity NijmegenNXP Semiconductors regrets the decision of the court to allow the publicationby Radboud University Nijmegen, which includes attacks on MIFARE™ Classicinfrastructures and was published in October 2008. While NXP has – since wefirst learned of a hack on December 31st 2007 – taken a leading role incommunicating the effects of attacks to everyone who needs to know, publishingthe means to actually carry them out is contradictory to the scientific goal ofprevention and the responsible disclosure of sensitive information.
As the publication from the Radboud University of Nijmegen reduces thebarrier to carry-out actual attacks – as is now confirmed by the court – and inspite of our efforts the University would not remove the elements from whichillegal activities are facilitated, NXP had no other choice but to seek aninjunction by the court in order to defend the interests of our customers andallow them reasonable time for appropriate system security upgrades.
Based on today’s decision affected parties such as system integrators andoperators of infrastructures using MIFARE Classic cards may want to urgentlyreview their systems and may address their interests with the University ofNijmegen, in relation with the aforementioned intended publication.
NXP’s objective as the manufacturer of MIFARE Classic chips, is totransparently update all system integrators and operators of infrastructureswhich use MIFARE Classic in a timely manner, so that they can take theappropriate measures to upgrade the security of their systems. Such upgrades,whether still based on MIFARE Classic or migrating to a different card format,are complex system modifications which may involve a combination of hardware andsoftware in the cards as well as in the infrastructure and back-endequipment.
Different installations have different security requirements, however it isnot conceivable that they all will have their security upgraded to the necessarylevel in a period of months until this paper is published; these upgrades willtake up to a number of years.
Since March 2008 NXP has repeatedly offered to the Radboud UniversityNijmegen to publicly recognize their findings and scientific achievementsrelated to MIFARE Classic. NXP will continue working closely with its MIFAREClassic customers and partners and advises them to urgently take appropriatesecurity measures to protect their systems.
Back to MIFAREClassic >>
Home > Technology > Security > MIFARE Classic > NXP statement on the courtdecision
页:
[1]