Weaknesses in the Classic card's security first became apparent when researchers partially reverse engineered the card's encryption system in 2007. Now a group from the Ruhr University in Bochum, Germany, has built on that work to develop a quick and straightforward method to alter the credit stored on some types of the card.
The Classic cards use 16 separate encryption keys to protect the information stored on the card. Timo Kaspar and colleagues studied the codes on one set of the cards currently in use, which are being used as a payment system by a million people in Germany. They found that each card used the same set of 16 codes and, once the team had identified them by building on the 2007 hack, Kaspar was able to alter the information stored on any card that used the system, if given access to the card.
Using a card reader built by the team, Kaspar was able to add credit to blank cards. To prove that the hack worked, he used the cards to purchase items such as coffee and ice cream. The cards only have to come near a reader to be activated, so a hacker with Robin Hood-style inclinations could hide a system in a public place so that anyone walking close enough would find that their card had magically filled up.
Read the full article here ......
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment