Assessment of the blocking cards effectiveness in protecting Mifare Classic smart card

Smart Cards are physical cards that can connect to a reader either by direct physical contact or through a short-range wireless connectivity standard such as Radio-Frequency IDentification (RFID) or Near Field Communication (NFC). In particular, due to their speed and convenience, contactless smart cards are rapidly becoming one of the most widely used technologies with major deployments worldwide in applications such as micropayment, physical and logical access control, corporate IDs, and automatic fare collection. The MIFARE Classic produced by NXP Semiconductors is currently one of the most used contactless smart cards, with more than 5 billion cards sold worldwide. Due to their use cases, smart cards are increasingly being targeted by cybercriminals who want to retrieve users’ sensitive information or any profitable data. As a consequence, several countermeasures have been designed, such as blocking cards, which currently represent one of the most common and affordable defense mechanisms. They are usually kept in a pocket or wallet to block potential attacks by emitting a noisy jamming signal or physically shielding the smart card. This work introduces an attack against the MIFARE Classic smart card that can be carried out even in the presence of a blocking card, employing a Software Defined Radio (SDR) to capture and analyze the raw signal of a communication between the card and the reader. Then, we analyze the effectiveness of five different blocking cards by comparing their performance in protecting a MIFARE Classic from the introduced attack. Finally, by analyzing them individually, we will show how blocking cards that add noise signals at multiple fixed frequencies offer the highest possible level of protection.