NXP statement on the court decision to allow the publication by Radboud University Nijmegen
NXP Semiconductors regrets the decision of the court to allow the publication by Radboud University Nijmegen, which includes attacks on MIFARE™ Classic infrastructures and was published in October 2008. While NXP has – since we first learned of a hack on December 31st 2007 – taken a leading role in communicating the effects of attacks to everyone who needs to know, publishing the means to actually carry them out is contradictory to the scientific goal of prevention and the responsible disclosure of sensitive information.
As the publication from the Radboud University of Nijmegen reduces the barrier to carry-out actual attacks – as is now confirmed by the court – and in spite of our efforts the University would not remove the elements from which illegal activities are facilitated, NXP had no other choice but to seek an injunction by the court in order to defend the interests of our customers and allow them reasonable time for appropriate system security upgrades.
Based on today’s decision affected parties such as system integrators and operators of infrastructures using MIFARE Classic cards may want to urgently review their systems and may address their interests with the University of Nijmegen, in relation with the aforementioned intended publication.
NXP’s objective as the manufacturer of MIFARE Classic chips, is to transparently update all system integrators and operators of infrastructures which use MIFARE Classic in a timely manner, so that they can take the appropriate measures to upgrade the security of their systems. Such upgrades, whether still based on MIFARE Classic or migrating to a different card format, are complex system modifications which may involve a combination of hardware and software in the cards as well as in the infrastructure and back-end equipment.
Different installations have different security requirements, however it is not conceivable that they all will have their security upgraded to the necessary level in a period of months until this paper is published; these upgrades will take up to a number of years.
Since March 2008 NXP has repeatedly offered to the Radboud University Nijmegen to publicly recognize their findings and scientific achievements related to MIFARE Classic. NXP will continue working closely with its MIFARE Classic customers and partners and advises them to urgently take appropriate security measures to protect their systems.
Back to MIFARE Classic >>
Home >
Technology >
Security >
MIFARE Classic > NXP statement on the court decision
2012-05-14, 10:45 AM
NXP statement on the court decision to allow the publication by Radboud University Ni
平板模式
