Ask Hack-A-Day

swipeless

You may have heard that MasterCard is rolling out swipeless cards. I was alarmed by the quote: “point to the success of ExxonMobil’s SpeedPass system”. You mean the RFID system that was cracked and TI refused to acknowledge? There has been other RFID spoofing work that has proven that the action of reading the card makes it more insecure. What do you think of this new rollout and what percentage of your body will you be covering in tinfoil (freezer grade, shiny side out)?

Comments

  1. John says:

    considering i wont ever use mastercard again, it appears that 0% of my body surface will be covered in foil (apart from what is already on my head

  2. digitalFX says:

    agreed, if they try to send me one of these they’ll be getting it right back. I hope they offer the option of an rfid free card.

  3. Tired2 says:

    Our new school ID’s can be linked to our wells fargo bank account to take the place of our debit cards (www.txstate.edu)… When I found out that they also have an embeded RFID tag in them, I opted out of the link to my account. Plus, now I only have one card to lose.

  4. Sorensenk says:

    Well I recently turned 18 and I’m looking for a credit card. Good to know MC is doing this, so I don’t get buggered in the end. :-P

  5. matt damon says:

    I wonder if this will then trickle down to my bank’s debit card (which is mastercard). Will suck really. But it’ll just be more incentive to go finally apply for an AMEX card or something else instead of using my debit card as a credit card (yay for no growth on my credit report *cry*).

  6. joejack says:

    my college uses a “checkpoint” rfid system to get in and out of dorms. I wonder if I could do something fun…

  7. steve says:

    i do a lot of work with wireless networking and massaging 802.11x hardware beyond its intended abilities, however i have no experience in the rfid area of wireless snooping. what id like to know, however, is whether anyone has intentions to obtain one of these cards and test them in a manner similar to the one present at the following address: http://rfidanalysis.org/ ..it would be educational to consumers, those that provide cards to consumers, and to the security field in general. by my estimation, it should be done, and quickly.

  8. nevjr says:

    im epoxying the foil to my wallet right now

  9. digitallysick says:

    wow this is amazing, i dont know what the chances are of “scanning” someone with a speed pass, but it looks like it will be worth the trouble, this rocks!

  10. weaszel says:

    i think we should be more worried about the fact that steve is massaging 802.11x hardware…

  11. CDE says:

    I would be the first to “scam” them, Scopes Monkey style. I’ll just say someone stole the rf and charged me a shitload. Then when (Or I should say if) they find out, I’ll just say that it is completely possible and show proof, via University Exxon Speedpass papers and such.

    And you don’t need to be able to write to the cards, just steal the info on them and spoof them at cash registers. But I don’t see any incentive to using this unless MC (and Amex which the article mentions) develop compatible readers and provide them free of charge and extra fees to their clients.

    (Ohh, and everybody should be paying by debit card, since they charge you extra money if you pay cash… think about the fees they get for processing credit cards and yet you never get charged more for using it…)

  12. Steyr says:

    Heh, woohoo, a new kind of card for the lazy-assed american that’s too fat and weak to swipe their own fucking card. I’ll bet you card swiping is the primary cause of cancer in old people. I say we just id-theft anyone who’s so lazy they need a swipeless card.

  13. John says:

    wow. i think this commemorates the first full color photograph on HAD ever. congrats guys

  14. annie_LINUX says:

    The subway system here has RFID passes. I’ve been wanting to tinker with the card for a while…it’d be fun if I could write money to it.

  15. Tristan says:

    John: There’s been one before, but you’re right — it isn’t very common.

  16. Tristan says:

    correction: there have been plenty.. just look at the past few weeks.

    on a more hack-a-day note, I’m planning on picking up a new cellphone sometime soon. are there any suggestions on what I should get to hack the most?

  17. Bodie J says:

    *checks CC’s* Ha ha, I only have VISA.

  18. Penguin says:

    At the movie theater where I work, we’ve had the readers for about six months or so. Preemptive strike, I guess.

  19. jaded says:

    tristan

    i just bought a razr. while i wouldn’t recommend motorola’s software to a retarded dog (crappy address book application, broken bluetooth implementation) it has great voice quality, a good camera, and best of all is end-user hackable. check out http://www.motomodders.net/ there is a large community of hackers that are replacing firmware, images, and changing control bytes in their phones.

    there is also a cheaper clamshell version that isn’t as thin as the razr (v330 i think) but runs the same software and is just as hackable.

    when i get enuf courage (and a cable :-) i’m going to try upgrading my firmware to see if it helps with some of the crashing issues i’ve had.

    but i still think their phone book application is teh suck.

  20. ryan says:

    digitally sick, read back a few (ok maybe something like 5) pages back, we’ve already hacked Exxon speedpasses, how long do you think it will be before this is hacked? and would you really trust me with your credit card?

    the RFID tags use (you guessed it) radio frequency to send info, this means that the scanner picks up the info *over the air* (just like wi-fi, and you know how hard that is to crack!) at least with traditional credit cards there isn’t any over the air signals, so someone will pretty much have to physically have your card to do damage. imagine if they could just have a scanner twenty feet away hidden inside of a backpack (and i give it two weeks before some geek figures out a way to record your rfid info to an ipod) then rebroadcast it with a walkie talkie. sound fun?

    ok, i’ll admit that it might be more than a walkie talkie, but something that broadcasts radio signals can broadcast… radio signals…

    p.s. imagine if someone recorded your info on an ipod with a rfid scanner, and broadcasted it with one of those microphones that can be played on stereos set to a specific radio station hooked up to the headphone jack. think it could work? someone needs to teach digitallysick a lesson

  21. Tom says:

    For those of you who are curious: judging by the image, those are Xilinx Spartan II FPGAs on XSA evaluation boards made by Xess. Very nice; fun to play with. FPGAs are the bomb-diggity. For those hobbiests out there, I highly suggest getting one. If you like coding in C or ARM, try the XPort 2.0 board for GameBoy Advance. Charmed Labs makes it. I used one to build a GPS cartridge for GBA

  22. Wim L says:

    American Express just sent me an RFID-looking card too. (American Express “Blue” is the AmEx variant aimed at dot-com-era geeks: lots of cool features, most of which never materialize. My last card from them had a ISO7816-type contact pattern on it, which would supposedly be useful for something or other. Never did find out what.) It’s got an embedded chip and spiral antenna and some vague marketing wordage about how easy it’ll be for me to pay for stuff with it. If, that is, I ever use it for something.

    Hmmm, here we go: http://www.rfidjournal.com/article/articleview/1297/1/11/

    The article mentions that “American Express, Visa and MasterCard are all offering RFID-based contactless payment options”. They’re the 13.56-MHz style card. No info on whether it’s a cryptographically strong exchange (ha!) or just the usual “broadcast your card number to all listeners” kind of thing.

    Um, is there a way to avoid having my comment forced to all lower-case?

  23. hillpor says:

    i have a bank of america debit card account is overdrawn of course and would like to add funds quickly

  24. hillpor says:

    AND FOR FREE

  25. aaron says:

    some one gave me a ghoste an i want to know how to get him back

  26. Suzie mercy says:

    Hello,

    I need someone who can transfer money into a wellsfargo account,bank of america,barclays bank and fifth third bank,So we are going to share the money 60% while %40 for you.So i will be waiting to hear from you.

    Thanks
    Suzie

  27. BJ says:

    This is Cool, any way i need a bank hacker and hope i will find a trusted friend here…..BJ

  28. jessica says:

    i’d like to find out my ex-bf’s e-mail password, to his Ohio State University e-mail account, so I can erase some of the e-mails i’ve sent him that are totally irrelevent, and i wrote when i was pissed off. If you could please find someone to do this, or tell me how, i’d appreciate it. e-mail me above and i’ll give you his info. Thanks.

  29. jessica says:
  30. blueeee says:

    Hi,

    I have a list of debit card numbers with personal information, I want a bank account where I can transfer the funds from these debit cards, how do I do that? Can anybody help? Can share the profits with you? All debit cards are UK origin.

  31. blueeee says:

    Hi,

    I have a list of debit card numbers with personal information, I want a bank account where I can transfer the funds from these debit cards, how do I do that? Can anybody help? Can share the profits with you? All debit cards are UK origin.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 94,063 other followers