Infineon p(x)Card and possible backdoor

Hi team !

My attention was called regarding a possible backdoor existing on “Infineon-chipped” cards, allowing an insider to access freely the content of an Infineon NFC card.
Since there is no PIN code or anything, could you please tell us what’s the security scheme behind the p(x)card and which chip it’s embedded with ?

Thanks.

Regards,
@FrenchXCore

Source 1: MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors - Quarkslab's blog
Source 2: https://eprint.iacr.org/2024/1275.pdf

3 Likes

Up !! (7 days passed without ack) @zaccheah @DavidK

1 Like

I have the card but I have not used it because I have my doubts and so far I have not had a response.

Well. I’m assuming the card is supposed to be a “small wallet” card.
Thus, you should just transfer enough tokens on it to use it to pay small stuff on XPOS terminals.

However, even if an XPOS can request a P(x)Card to sign a transaction with its private key doesn’t mean everyone can access the private key. It just means everyone who is in physical ownership of that card can use its content to pay (for as long as there are tokens on it), which is different in principle from having access to the p(x)Card private key.

That’s why I’m asking some more info.

Regards,
@FrenchXCore

1 Like

the card is the key, if it’s a card you want to hold a larger amount on - why would you carry it around, when doing a transaction with any card you should be the only one tapping the card just as a security note - with the transaction your signing visible to you - the cards do not show the seed because there is not a visible seed as far as I’m aware, so only the holder of the card has control of the wallet; the card is connected to - even if your wife has the same card connected on her device she can view the wallet but if you have the card at a different store she cannot TX or manage any Crypto in the wallet, so there would be double actions needed in order to get in, they can’t see or load your wallet onto their system at the same time as you do an Xpos TX signing (Tap), if anyone has your card they have your funds, an xpos TX only shows them what your spending to sign for (Tap) nothing more. At this time an XPOS is the only thing other then your device the card should be near, In what circumstance do you believe your card is in jeopardy

@LKYBOB ,

I’m sorry, but I’m having a very hard time trying to understand what you’re writing.
I understand that the card is the key, and that anyone in possession of the p(x)Card is able to sign any transaction related to the wallet the card is “holding” (since there is no PIN code or anything).

Thus, I believe that whether it’s an Infineon card or anything else, there’s absolutely no security behind the p(x)Card, as far as I understand : and that’s not very good news actually.
But what’s even more bothering me is that the p(x)card might be useless if anyone can access your p(x)card from (let’s say) inside the subway when people are close, in the case there would be a backdoor on the card. Anyone could empty your p(x)card wallet without you even noticing it, just by accessing the private key inside the card.

Innovation is about bringing solution to a user’s problem. If we’re coming back to past problems, that’s regression, and we need to move forward with better solutions.

Regards,
@FrenchXCore

1 Like

I think just because the Project has not responded, you should stop building panic.

I remember asking the Infineon developers back when these where coming out about the Chip security as at that time I had seen a product out that could copy different types of NFC chips, The Infineon group said there was no threat, Best way to have better idea about the chip’s security maybe is try and find the original conversations about the cards - as I’m sure they listed the security level, I really think building panic they went through development of creating a payments crypto card without any level of security Extremely unreasonable & Impossible to take seriously.

Proximity also is impossible - these cards need like (tap) close Proximity to a device to activate I’m Sure. if you have notifications on too, the wallet would send any changes happening in the wallet.

Dear @LKYBOB ,

I’m not building panic : I’m just stating academic research state-of-art.
This is the whole purpose of Emergency response Teams which have been built and setup all over the world to protect everyone’s security.
I don’t see any of your “affirmation” being supported by any technical reference document.
As a reminder, some public transportation and credit cards are currently being hacked in the subway, in situations of close proximity, due to NFC technology, even for some of them which are “tap” NFC cards.

So, please don’t state “I’m building panic”, which I’m not : I’m just asking (and asking again) about reference documents or technical answers to the points being made.

If asking any question which is not going exactly in direction of the project is being FUD, the project will never progress… And yet, FrenchXCore has still been around and participating actively over PundiX anf FunctionX since 2019.

Regards,
@FrenchXCore

2 Likes

@zaccheah or @DavidK do we have a consultant for Infineon to relieve FrenchXCore of his concerns, and a link to the medium threads about the security aspects of our cards back from the development stage I remember the AMA where we talked about the security; I’m sure there was written material somewhere, Cheers

p(x)Card, the most affordable and easy-to-use hardware wallet card that is built upon Infineon technologies SECORA™ Blockchain security solution and Function X network infrastructure.

I cannot see a relation in your source information that relates to the Infineon SECORA secured cards, https://www.infineon.com/cms/en/product/security-smart-card-solutions/secora-security-solutions/secora-pay-security-solutions/

Hi again !

Thanks for the refs…

Looks like cards being used for p(x)Card are mostly SLJ52(GDA/GDT/GLA/GLT) cards, relying on Secora technology and those 2 interfaces : ISO 14443 A/B and ISO 7816.

The security article talks about a Mifare issue, over ISO/IEC 14443-3 Type A cards. The issue is the implementation of a default key (each sector is being protected by a different key on Mifare NFC cards) and they found that default key being implemented over an older Infineon card.

Let’s just hope now that the new Infineon cards used for p(x)Card don’t have that issue when using the 14443 interface.

For now, my conclusion would be that there is a very low risk for p(x)Card private keys being exposed to “malicious hackers” (especially as those people would also need to be very close to the p(x)Card).

And if I had one recommendation, it would be to :

  1. integrate p(x)Card within f(x)Wallet, and implement a “p(x)Card quick top-up” feature over f(x)Wallet, so that users can easily and quickly “load” their p(x)card if required (and avoid an n-th application to be used)
  2. remind users to keep p(x)Card for daily use applications since the physical loss of their card would mean the physical loss of their tokens, NFTs, etc., and would also imply that, just like credit cards “contactless” transactions, some hackers might exploit very close proximity in the future (just like in the subway in Paris - but transactions there are limited to 3 * maximum 50€ transactions and 150 € max before being forced to enter a PIN code).

Side frustrating feature:
It would be to “NOT FORCE OPEN” the p(x)Card app each time an NFC card is detected : it pushed me to uninstall the p(x)card app because the proximity of any of my NFC credit cards, transport card, health card would open constantly the p(x)Card app.

Regards,
@FrenchXCore

P.S.: See, in the end, the conclusions of this discussion is mostly informative and constructive.

3 Likes