Vulnerabilities in First Generation RFID-enabled credit cards

Vulnerabilities in First Generation RFID-enabled credit cards
Kevin Fu

Citation
Kevin Fu. "Vulnerabilities in First Generation RFID-enabled credit cards". Talk or presentation, 22, May, 2007.

Abstract
RFID technology appears in a huge array of products ranging from clothing and airport luggage to subway tickets and credit cards. This talk will examine recent privacy and security vulnerabilities discovered in RFID-enabled credit cards. An estimated 20 million RFID-enabled credit cards are already in circulation in the United States. Using samples from a variety of RFID-enabled credit cards, our study observes that the cardholder's name and often credit card number and expiration are leaked in plaintext to unauthenticated readers, our homemade device costing around $150 effectively clones one type of skimmed cards thus providing a proof-of-concept implementation for the RF replay attack, information revealed by the RFID transmission cross contaminates the security of RFID and non-RFID payment contexts, and RFID-enabled credit cards are susceptible in various degrees to a range of other traditional RFID attacks such as skimming and relaying.

Electronic downloads

(No downloads are available for this publication.)

Citation formats

HTML

Kevin Fu. <a
href="http://www.truststc.org/pubs/250.html"
><i>Vulnerabilities in First Generation
RFID-enabled credit cards</i></a>, Talk or
presentation,  22, May, 2007.

Plain text

Kevin Fu. "Vulnerabilities in First Generation
RFID-enabled credit cards". Talk or presentation,  22,
May, 2007.

BibTeX

@presentation{Fu07_VulnerabilitiesInFirstGenerationRFIDenabledCreditCards,
    author = {Kevin Fu},
    title = {Vulnerabilities in First Generation RFID-enabled
              credit cards},
    day = {22},
    month = {May},
    year = {2007},
    abstract = {RFID technology appears in a huge array of
              products ranging from clothing and airport luggage
              to subway tickets and credit cards. This talk will
              examine recent privacy and security
              vulnerabilities discovered in RFID-enabled credit
              cards. An estimated 20 million RFID-enabled credit
              cards are already in circulation in the United
              States. Using samples from a variety of
              RFID-enabled credit cards, our study observes that
              the cardholder's name and often credit card number
              and expiration are leaked in plaintext to
              unauthenticated readers, our homemade device
              costing around $150 effectively clones one type of
              skimmed cards thus providing a proof-of-concept
              implementation for the RF replay attack,
              information revealed by the RFID transmission
              cross contaminates the security of RFID and
              non-RFID payment contexts, and RFID-enabled credit
              cards are susceptible in various degrees to a
              range of other traditional RFID attacks such as
              skimming and relaying.},
    URL = {http://www.truststc.org/pubs/250.html}
}

Posted by Alvaro Cardenas on 3 Apr 2007.
Groups: trustseminar
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.