CVE-2024-29941
📋 TL;DR
This vulnerability allows attackers to extract default encryption keys from ICT MIFARE and DESFire firmware, enabling them to clone credentials for any site using these systems. Organizations using ICT access control systems with default encryption are affected. This compromises physical security by allowing unauthorized access to secured areas.
💻 Affected Systems
- ICT MIFARE and DESFire access control systems
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of physical access control systems allowing unauthorized entry to all secured areas, potential theft, sabotage, or unauthorized data access.
Likely Case
Unauthorized cloning of access cards leading to unauthorized building entry, theft of assets, or compromise of sensitive areas.
If Mitigated
Limited impact if custom encryption keys are used and physical security monitoring detects unusual access patterns.
🎯 Exploit Status
Exploitation requires physical access to firmware binary or access control hardware. The vulnerability is well-documented in public research papers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: https://ict.co/media/1xdhaugi/credential-cloning.pdf
Restart Required: No
Instructions:
1. Contact ICT for firmware update guidance.
2. Replace default encryption keys with custom keys.
3. Reprogram all access cards with new encryption.
🔧 Temporary Workarounds
Replace Default Encryption Keys
All platforms: Replace factory default encryption keys with organization-specific custom keys
Consult ICT system administrator manual for key replacement procedures
Implement Multi-Factor Authentication
All platforms: Add secondary authentication methods (PIN, biometrics) alongside card access
Configure additional authentication factors in access control system
🧯 If You Can't Patch
- Implement strict physical security monitoring and access logging
- Regularly audit access patterns and investigate anomalies immediately
🔍 How to Verify
Check if Vulnerable:
Check if system uses default ICT encryption keys by reviewing access control system configuration or contacting ICT support.
Check Version:
Check firmware version through access control system administration interface or hardware labels.
Verify Fix Applied:
Verify custom encryption keys are in use and test that old default-key cards no longer grant access.
📡 Detection & Monitoring
Log Indicators:
- Multiple access attempts with cloned cards
- Access from unusual locations or times
- Card duplication alerts
Network Indicators:
- Unusual access control system communication patterns
SIEM Query:
AccessControlSystem AND (CardCloning OR MultipleAccessAttempts OR UnusualAccessPattern)
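The log indicators listed above can be checked offline against exported door events: a cloned card tends to show up as one credential granted at two sites closer together in time than a person could travel, or as a grant outside normal hours. The following Python is an added example, not ICT's or this page's own tooling; the CSV layout, site names, travel time and working hours are assumptions to adapt to your own export.

```python
import csv
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample events (not a real ICT log format):
# timestamp, card id, site, door, result
SAMPLE_LOG = """\
2024-05-06T08:01:12,1001,HQ,lobby,GRANTED
2024-05-06T08:03:40,1002,HQ,lobby,GRANTED
2024-05-06T08:09:55,1001,WAREHOUSE,dock-2,GRANTED
2024-05-06T12:30:00,1002,WAREHOUSE,dock-1,GRANTED
2024-05-07T02:14:09,1003,HQ,server-room,GRANTED
2024-05-07T09:00:00,1003,HQ,lobby,DENIED
"""

# Assumed minimum travel time between site pairs; tune per deployment.
MIN_TRAVEL = {frozenset({"HQ", "WAREHOUSE"}): timedelta(minutes=45)}
WORK_HOURS = range(6, 20)  # assumed normal hours, 06:00-19:59

def parse(text):
    """Parse CSV lines into time-ordered (ts, card, site, door, result) tuples."""
    rows = (r for r in csv.reader(StringIO(text)) if r)
    return sorted((datetime.fromisoformat(t), card, site, door, res)
                  for t, card, site, door, res in rows)

def find_anomalies(events):
    """Flag grants that suggest a duplicated credential."""
    alerts, last_seen = [], {}
    for ts, card, site, door, res in events:
        if res != "GRANTED":
            continue
        prev = last_seen.get(card)
        if prev and prev[1] != site:
            need = MIN_TRAVEL.get(frozenset({prev[1], site}))
            # Same card granted at two sites faster than anyone could travel.
            if need and ts - prev[0] < need:
                alerts.append(("impossible_travel", card, prev[1], site, ts))
        if ts.hour not in WORK_HOURS:
            alerts.append(("off_hours", card, site, door, ts))
        last_seen[card] = (ts, site)
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(parse(SAMPLE_LOG)):
        print(alert)
```

An alert here is a prompt to pull camera footage and confirm with the cardholder, not proof of cloning; shared or loaned cards produce the same pattern.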