32C3: Shopshifting — Breaking Credit Card Payment Systems

December 30, 2015 by Elliot Williams 19 Comments

Credit card payment systems touch all of our lives, and because of this there’s a lot riding on the security of that technology. The best security research looks into a widely deployed system and finds the problems before the bad guys do. The most entertaining security presentations end up finding face-palmingly bad practices and having a good laugh along the way. The only way to top that off is with live demos. [Karsten Nohl], [Fabian Bräunlein], and [dexter] gave a talk on the security of credit-card payment systems at the 32nd annual Chaos Communications Congress (32C3) that covers all the bases.

While credit card systems themselves have been quite well-scrutinized, the many vendor payment networks that connect the individual terminals haven’t. The end result of this research is that it is possible to steal credit card PINs and remotely refund credits to different cards — even for purchases that have never been made. Of course, the researchers demonstrate stealing money from themselves, but the proof of concept is solid. How they broke two separate payment systems is part hardware hacking, part looking-stuff-up-on-the-Internet, and part just being plain inquisitive.

Continue reading “32C3: Shopshifting — Breaking Credit Card Payment Systems” →

ShmooCon 2009: Chris Paget’s RFID Cloning Talk

February 16, 2009 by Eliot 13 Comments

When we first saw [Chris Paget]’s cloning video, our reaction was pretty ‘meh’. We’d seen RFID cloning before and the Mifare crack was probably the last time RFID was actually interesting. His ShmooCon presentation, embedded above, caught us completely off-guard. It’s very informative; we highly recommend it.

The hardest part about selling this talk is that it has to use two overloaded words: ‘RFID’ and ‘passport’. The Passport Card, which is part the the Western Hemisphere Travel Initiative (WHTI), is not like the passport book that you’re familiar with. It has the form factor of a driver’s license and can only be used for land and sea travel between the USA, Canada, the Caribbean region, Bermuda, and Mexico. They’ve only started issuing them this year.

Continue reading “ShmooCon 2009: Chris Paget’s RFID Cloning Talk” →

Hackaday

payment card

2 Articles

32C3: Shopshifting — Breaking Credit Card Payment Systems

ShmooCon 2009: Chris Paget’s RFID Cloning Talk

Search

Never miss a hack

If you missed it

Raspberry Pi Enters Microcontroller Game With $4 Pico

Blue Pill Vs Black Pill: Transitioning From STM32F103 To STM32F411

A New Era Of Spacecraft Delivers Science On Time

TV Detector Vans Once Prowled The Streets Of England

Teardown: Tap Trapper

Our Columns

Hackaday Links: January 24, 2021

New Parts, New Hacks

Meet The Magic Eye Vacuum Tube

Hackaday Podcast 102: Raspberry Pi Microcontroller, Microphone Killswitch, And A 45-Degree 3D-Printer

This Week In Security: OpenWRT, Favicons, And Steganographia

Search

Never miss a hack

Subscribe

If you missed it

Our Columns