RE: [funsec] Vulnerabilities in First-Generation RFID-Enabled CreditCards

Larry Seltzer Larry at
Mon Oct 23 09:24:03 CDT 2006

I read the NYT article. It smelled of laziness that could be relatively
easily addressed in gen 2.
How about a fingerprint reader on the card that you have to contact in
order for it to transmit? 
Larry Seltzer Security Center Editor
Contributing Editor, PC Magazine
larryseltzer at 


From: funsec-bounces at [mailto:funsec-bounces at]
On Behalf Of rms at
Sent: Monday, October 23, 2006 9:30 AM
To: funsec at
Subject: [funsec] Vulnerabilities in First-Generation RFID-Enabled

Here are all of the technical details.  I'm still scratching my head why
a RFID credit card doesn't have a little momentary contact switch which
must be pushed in order to activate the RFID chip.  With this simple
addition, cards can't be read on the sly.

Vulnerabilities in First-Generation RFID-Enabled Credit Cards

Monday, October 23, 2006 

RFID CUSP scientists have studied the security and privacy of
RFID-enabled credit cards. Here Ari Juels gives an overview of the

Consumers in the United States today carry some twenty million or so
credit cards and debit cards equipped with RFID (Radio-Frequency
IDentification) chips. RFID chips communicate transaction data over
short distances via radio. They eliminate the need to swipe cards or
hand them to merchants. Consumers can instead make payments simply by
waving their cards-or even just their wallets-near point-of-sale

While appealing to both consumers and merchants, the convenience of RFID
credit cards has a flip side. What a legitimate merchant terminal can
read, a malicious scanning device can also read without a consumer's
consent or knowledge. RFID credit cards therefore call for particularly
careful security design.

A report released today by a team of scientists in the RFID Consortium
for Security and Privacy (RFID-CUSP)
reveals lapses in the security and privacy features of several types of
currently deployed RFID credit cards. The report (of which I am a
co-author) highlights two basic vulnerabilities in the cards under

1.	Names in the clear: The RFID credit cards transmit bearer names
promiscuously. Any device capable of scanning a card can learn the name
imprinted on it-with or without the owner's consent. 

2.	Payment fraud: In varying degrees, the RFID credit cards are
vulnerable to an attack called "skimming." An attacker with an RFID
reader can harvest information from a card, create an inexpensive clone
device, and make charges against the legitimate card. (Alternatively, an
attacker may be able to perform online transactions with harvested
credit-card information.) Skimming requires minimal technical expertise
and expense. 


For details on the RFID-CUSP study, visit
<> .

Technical manuscript 

Our technical paper is available in draft form: PDF

Video demonstration 

We have a short video demonstrating some of the attacks from a technical
perspective. Please excuse our poor-quality video techniques: 11MB

Check back next week for Part 2, a non-technical video.

