Results 1 to 3 of 3

Thread: rfid passport/chipcard/credit card hacking?

  1. #1
    Just burned his ISO loxdebox's Avatar
    Join Date
    Feb 2008
    Posts
    7

    Default rfid passport/chipcard/credit card hacking?

    Yesterday, the dutch news reported that a government plan to introduce a chip card for public transport has been delayed because students were able to crack it.
    ( htt p:// ww w.cs.vu.nl/~ast/ov-chip-card/ )
    The were able to hack the card, copy the information, reset the value on the card, and copy personal data on it, now i believe RFID is also in my passport? And are in some credit cards?
    Are they also in items that i might not be aware of?
    With this technology they seem too totally forget privacy/security for user comfort, any of you have an opinion on this, or some more information.

    Thanks

  2. #2
    Junior Member
    Join Date
    Nov 2007
    Posts
    79

    Default

    Well I know that the london underground system also uses Mifare and the Oyster card designers know about the hack.

    Their problem is that all other chips which use a better encryption are more expensive.
    I think each oyster card costs about £4.00

    They give them away for free when making ticket purchases and they make the cost of card back in profits over time in use of the card.

    So at the moment I think they are just treading water to see what happens. Its a dangerous situation.
    They have had many meetings about the situation and have been investigating differing options regarding costings etc.

    It would be possible to carry out a sort of money loss program on a company with this business plan by applying for oysters and not using them each one costing the company £4.00 of total profit loss.

    It would take hundreds of thousands of users to make it even be noticed though. TFL (Transport for london have very deep pockets).

    So as far as Mifare and RIFD hacks go, Mifare is a cheap chip that because of the cost is unable to use decent encryption. I think that to get better encryption then the possible profit loss per card increases as does total time to make profit on each card.

  3. #3
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    This applies to a much larger area altogether. There have been a few threads regarding new RFID laws and plans for tracking the data through various media (drivers licences in California, major merchandising, vehicles, etc) and I can see this quickly devoloping into both a media and legitimate nightmare. Nevermind big brother for a sec, how about big business knowing what kind of underwear your wearing and when/where/with what credit card you purchased them with....

    Far fetched? Gawd I only hope so......



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •