With Apple also embracing it, the technology is set to make a revolutionary boom.

And as with every popular technology, the hacks and attacks have now begun to surface against RFID cards.

Researchers at TrendMicro Labs have discovered that hacking RFID-based payment cards is possible through an Android app.

Hacking RFID Payment Cards Now Possible with an Android App

Manufacturer and memory content of a MIFARE Classic card

Android App as the medium

Trend researchers have discovered a high-risk Android app detected as ANDROIDOS_STIP.A in Chile.

Paying via RFID cards is becoming more popular nowadays as more mobile devices add NFC support.

Banks, merchants or public services issue RFID cards to their customers with prepaid credits.

The Apple Pay service has only added to the momentum of NFC based payments.

How was the tool's author able to rewrite the card's information despite not having the correct authentication keys?

This is because these cards are based on an older version of the MIFARE series of cards (MIFARE Classic), which is known to have multiple security problems. (MIFARE refers to a family of chips widely used in contactless smart cards and proximity cards.)

Trend Micro researchers have given the instance of the recent hacking of BIP.

This is however restricted to only these specific cards because of the format restrictions.

Using tools available in abundance, the attacker managed to crack the authentication of the cards.

Once that was done, the card was cloned and the data on it rewritten through the Android app.

The social security card has approximately seven million users.

The other two use MIFARE DESFire, which in turn is vulnerable to side-channel attacks.

Once the keys have been leaked, the card can be manipulated to any extent according to the attacker's wishes.

These cards were discontinued a long time ago because of the risks mentioned.

But it looks like some organizations have preferred using the older cards, thus putting their customers at risk.

Resource: TrendMicro Labs

source: www.techworm.net