Posted on 03/20/2008 8:15:59 AM PDT by LibWhacker
Hacker gives live video demonstration
Following on from last weeks story about how the MIFARE Classics RFID chip, as used in London Transports Oyster card, had been compromised, BoingBoing has gone a step further. It gave a video demonstration of a hacker demonstrating how easy it is to extract details from a RFID-equipped credit card.
In the video, the hacker Pablos Holman boasts that he is able to decrypt the data using an eight dollar reader from eBay. One quick swipe of the reporters American Express card later and he appears to have done just that, with the cardholders name and expiry date both visible.
Youll get that from most cards, explains Holman, before adding now we can go online and start shopping.
Holman then offers his explanation as to why the use of RFID technology is spreading despite its obvious security flaws. The credit card industry understands that creating a secure system isnt really the priority; creating a system that feels secure to the user is. In reality its easier for me to get numbers now than it was before.
Security risk
Mr Holmon then shows how RFID card carriers could protect themselves from readers with the aid of a metal wallet, before offering his views on how much of a security risk RFID-equipped credit cards really pose:
I dont expect this to be a major threat for a while. People are stealing credit card numbers from websites and thats still pretty easy, he says, before adding, somewhat more ominously with a bigger antenna hooked up to this I can go into Starbucks and get the name of everyone in there.
You wanna opt out of RFID? You better contact your Congressman about the Federal Real ID then... they want to make the “advanced” IDs RFID readable to “facilitate increased western hemisphere travel” (immigration)
What’s the world coming to when your wallet needs shielding?
I called AmEx and they said they don’t offer an alternative. They offered to turn it off remotely, but how do I know really and what’s to stop them from turning it on again.
9/11 1984 aigh!
It’s easy to disable RFID yourself, and detecting the chip is fairly trivial as well.
http://wvp.diablops.com/component/content/article/67-braindead/37-bad-paypass-bad.html
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.