Monday, January 30, 2012

‘Embarrassingly simple’ hack could leave up to 100 million credit cards exposed

As many as 100 million credit cards in active use today contain a technology that can be tricked into exposing users’ accounts to fraudulent transactions, according to a hacker who demonstrated the exploit on stage this past weekend at a conference in Washington, D.C.

Speaking at the Shmoocon hacker conference on Saturday, security researcher Kristin Paget demonstrated a hack that she called “embarrassingly simple” in which she “stole” someone’s credit card data, embedded it onto a blank magnetic card, then paid $15 into her own bank account, all without ever even touching or viewing her willing victim’s card.

According to Forbes reporter Andy Greenberg, she used a cheaply available radio frequency identification (RFID) reader to procure the card number, expiration date and CCV code. She entered that information into a small card magnetizing tool that sells for approximately $300, replicating the card in an instant, then swiped the copy through a cheap iPhone attachment that allows users to accept credit card payments. With that, she charged the card $15, then paid her volunteer $20 in cash for the trouble.

Devices that ping any nearby RFID chips can be purchased for as little as $2 in some cases, and because these credit cards have localized security instead of an encrypted response that must be validated through the company’s servers, the cards can be tricked into giving up their crucial details upon request.

