RFID credit cards are easy prey for hackers, demo shows

With a simple hack and minimal equipment, a security researcher demonstrates how easily thieves can make your data their own.

By Katherine Noyes, PC World |  Security, Mobile Security, RFID

It's been known for some time that there are security issues associated with the increasing use of RFID tags in credit cards, but this past weekend afforded a fresh demonstration of just how easy it is for hackers to take advantage of them.

Onstage at the Shmoocon hacker conference in Washington, D.C., Recursion Ventures security researcher Kristin Paget used about $350 in equipment to wirelessly read a volunteer's RFID-enabled credit card and then encode its key data onto a blank card, as described Monday by Forbes.

Next, she used the fraudulent card and a Square Card Reader to make a payment to herself.

'Embarrassingly Simple'

Elaborate trick? Far from it: "This is an embarrassingly simple hack, but it works," Paget told Forbes.

Essentially, it's possible because much the way the store's point-of-sale device reads the data on a contactless card wirelessly, so, too, can pretty much any RFID reader--through standard wallets and clothing, and regardless of the encryption or security measures that are in place, Paget said.

Today's contactless cards don't make the user's name, PIN, or permanent three-digit CVV code wirelessly available, the report notes; they also use a one-time CVV code with each scan so as to prevent repeated fraudulent use. In six years of use, there reportedly haven't been any documented cases of this kind of fraud, either.

Still, Paget's demonstration shows how easy it would be for one or more hackers to scan numerous victims' cards, even just to use each of them once.

Three Seconds on 'High'

So what can you do to protect yourself and your business?

First, determine if any of your cards are RFID-enabled. PayPass and payWave, for example, are two of the leading names under which this technology is offered in the United States.

Assuming you do have one, there are a few steps you can take to protect it. Among the more drastic options, certainly, is toasting your RFID chip in the microwave--three seconds will kill it, Paget reportedly told Forbes. Of course, then you can kiss your contactless payment capabilities goodbye as well.

Duct Tape and Aluminum Foil

Recursion Ventures, meanwhile, is reportedly working on a high-powered protection device for RFID-enabled credit cards, but it's still in the prototype stages.


Originally published on PC World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness