Team for Research in
Ubiquitous Secure Technology

Vulnerabilities in First Generation RFID-enabled credit cards
Kevin Fu

Citation
Kevin Fu. "Vulnerabilities in First Generation RFID-enabled credit cards". Talk or presentation, 22, May, 2007.

Abstract
RFID technology appears in a huge array of products ranging from clothing and airport luggage to subway tickets and credit cards. This talk will examine recent privacy and security vulnerabilities discovered in RFID-enabled credit cards. An estimated 20 million RFID-enabled credit cards are already in circulation in the United States. Using samples from a variety of RFID-enabled credit cards, our study observes that the cardholder's name and often credit card number and expiration are leaked in plaintext to unauthenticated readers, our homemade device costing around $150 effectively clones one type of skimmed cards thus providing a proof-of-concept implementation for the RF replay attack, information revealed by the RFID transmission cross contaminates the security of RFID and non-RFID payment contexts, and RFID-enabled credit cards are susceptible in various degrees to a range of other traditional RFID attacks such as skimming and relaying.

Electronic downloads


(No downloads are available for this publication.)
Citation formats  
  • HTML
    Kevin Fu. <a
    href="http://www.truststc.org/pubs/250.html"
    ><i>Vulnerabilities in First Generation
    RFID-enabled credit cards</i></a>, Talk or
    presentation,  22, May, 2007.
  • Plain text
    Kevin Fu. "Vulnerabilities in First Generation
    RFID-enabled credit cards". Talk or presentation,  22,
    May, 2007.
  • BibTeX
    @presentation{Fu07_VulnerabilitiesInFirstGenerationRFIDenabledCreditCards,
        author = {Kevin Fu},
        title = {Vulnerabilities in First Generation RFID-enabled
                  credit cards},
        day = {22},
        month = {May},
        year = {2007},
        abstract = {RFID technology appears in a huge array of
                  products ranging from clothing and airport luggage
                  to subway tickets and credit cards. This talk will
                  examine recent privacy and security
                  vulnerabilities discovered in RFID-enabled credit
                  cards. An estimated 20 million RFID-enabled credit
                  cards are already in circulation in the United
                  States. Using samples from a variety of
                  RFID-enabled credit cards, our study observes that
                  the cardholder's name and often credit card number
                  and expiration are leaked in plaintext to
                  unauthenticated readers, our homemade device
                  costing around $150 effectively clones one type of
                  skimmed cards thus providing a proof-of-concept
                  implementation for the RF replay attack,
                  information revealed by the RFID transmission
                  cross contaminates the security of RFID and
                  non-RFID payment contexts, and RFID-enabled credit
                  cards are susceptible in various degrees to a
                  range of other traditional RFID attacks such as
                  skimming and relaying.},
        URL = {http://www.truststc.org/pubs/250.html}
    }
    

Posted by Alvaro Cardenas on 3 Apr 2007.
Groups: trustseminar
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.