funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Gee, what a surprise: RFID is dangerous ...

From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Wed, 25 Nov 2009 10:30:46 -0800
Thousands of travelers and consumers can fall victim to electronic pickpocketing 
and never even know it because they carry new credit cards and U.S. passports. 
Credit card issuers, along with the U.S. State Department, have begun installing 
radio frequency identification (RFID) chips in credit cards and passports because 
the technology holds more data than magnetic stripes and can be read quicker. 
But, that convenience, experts warn, can also put people at risk of having their 
information taken. RFID chips are commonly found in cards used to raise gates in 
parking garages and unlock doors at businesses. All one has to do is simply swipe 
the card in front of a reader. Within the last few years, that same technology has 
been introduced to credit cards and U.S. passports, potentially putting holders at 
risk. It does not matter if the cards are kept in a wallet or a purse since they can 
transmit through them when prompted by a RFID reader, which are for sale on 
eBay. Using free software, hackers using a RFID reader can easily obtain account 
numbers and expiration dates simply by placing the reader within a few inches of 
the card.  [I guess the media hasn't found out about antennae, yet - rms]  The only 
credit cards that are vulnerable are those that allow users to tap or pass a reader to 
pay rather than swiping. Some might also have a symbol on them that indicate 
they transmit.  [It is, of course, the symbol that is dangerous - rms]  

http://www.wfaa.com/home/Electronic-pick-pocketing-threatens-credit-cards-
passports-72070657.html 

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
What is written without effort is in general read without
pleasure.                                           - Samuel Johnson
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: