A card tear-off attack (or tearing attack) is a type of fault injection that exploits how smart cards and NFC tags handle power interruptions during write operations. By pulling a card away from an RFID reader or cutting the power at a precise millisecond, an attacker can prevent the card's chip from finalizing state changes.
This interruption is primarily used to:
Reset Security Counters: Stop the card from recording failed authentication attempts or decrementing token values (e.g., in public transport).
Bypass Monotonic Counters: Attackers can reset protections, such as CVE-2021-33881 on MIFARE Ultralight and NTAG variants, allowing restricted features to be used multiple times. [
Unlock Memory: Force the card to leak information or unlock protected blocks (e.g., altering a UID on legacy EM4305 cards).
Modern cryptographic cards and readers mitigate these risks using built-in anti-tearing mechanisms, such as shadow registers or rollback checkpoints, that ensure data commits completely or reverts to a previous valid state.
Would you like to know more about how to protect specific systems against fault injection or how CVE-2021-33881 works in access control?