RFID hacked: TV station finds chips are toast

RFID chip pulled from new credit card

RFID chip pulled from a credit card

Television group reveals serious security flaws with RFID-equipped credit and debit cards

By ECM Plus staff

ECM Plus +++ A consumer television report into the insecurity of radio frequency ID – or so-called ‘RFID’ -equipped credit and debit card chips has shocked the security industry.

One vendor, SecurEnvoy said the apparent ease with which RFID has been hacked to create a `magic wand’. With the ability for anyone to effectively read RFID cards at a distance clearly demonstrates that RFID is no longers fit for purpose, observers say.

Apparently, the report from the Portland, Oregon-based TV channel Katu, found that a mere US$20-worth of electronics could read card details of payment cards in people’s wallets at a range of four inches.

According to security firm SecurEnvoy, while four inches may not seem much of a distance, in a crowded subway, tube or on a bus, with people pressed up close to each other, the possibilities for card fraud are “significant” they said.

Although the RFID system seen on Visa Paywave and Mastercard Paypass are designed for low value transactions, once the card details have been downloaded into a reader wand’s memory, they can then be used – as these researchers have clearly proven – to make fraudulent online purchases, a SecurEnvoy spokesman said.

With stores in many city areas of the USA and Canada accepting Paywave and Paypass – and now even Britain increasing the quantity of RFID-accepting merchants in preparation for the Olympic Games in 2012, if the TV station had discovered this loophole in the Visa/Mastercard RFID system, then criminals are certain to have also made similar discoveries, a SecurEnvoy spokesman added.

“And even if they haven’t tumbled to the security problem yet, once news of this TV station’s breathtaking research spreads, they will start deploying this technology to harvest card details from unsuspecting commuters,” he added.


Advertisements

1 Comment

Filed under Content Security, Industry News, Mobile Analytics, Mobile Apps, Mobile communication, Mobile Content, Risk Assessment, Risk Management, Scanning, Security Content Management (SCM), Telecommunications

One response to “RFID hacked: TV station finds chips are toast

  1. Stephen

    There are two separate specific chips here.

    The first is RFID, which is simply an electronic bar code and stipulates “I am a tin of beans” or “I am a copy of Das Kapital” or what have you and is designed to be globally read.

    The second, as far as credit cards etc are concerned, contains most data in encrypted form. The only cards that are insecure are the first generation ones that were issued in 2006, so these are the only ones that are currently possibly insecure.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s