Electronic Pick Pocketing, Thieves On The Loose


Driving in to work today, one of the hosts on my favorite morning radio station, #dc101, was talking about how she had her credit card number stolen. Just out of the blue, someone was shopping at Target and spent over $200 on random stuff, nothing really relevant to her, nor a place she generally shops at. The Target was quite a ways away from her, so how could this happen?

For some odd reason, people started calling in, talking about when they had their cards stolen and how they thought it happened. Someone said their car was broken into and their numbers were stolen; someone else said that they went to a pizza shop that was compromised by a hacker; so on and so forth. It was a cavalcade of possibilities that... in the digital world didn't make sense.

Sure, a hacker can intercept a digital line, sure, they can break into your car, sure, they can skim your magnetic strip when you put it in an ATM, but those points aren't for today's post. Instead, today's post is about RFID scanners.

RFID, or Radio Frequency Identification, is a relatively old technology that was somewhat ahead of its time when it was invented. Over the years it's found itself in all sorts of cool technology. You can get an RFID chip put in your dog, so if it goes missing a pound can scan its back and know who it belongs to and where it's from. Key cards have these little transmitters in them, so when you want to get in the office you just tap the wall, hear a beep, and the RFID chip has transmitted the data relevant to getting you in. There are MILLIONS of uses for radio frequency information.

This technology is so cool that credit card vendors have begun putting it in their cards. Heck, it's mandated in the EU that all cards need this. Instead of swiping your card, you can just tap your card to a card reader. Super easy, right? But does this add any real convenience? I don't have to take my credit or debit card out of my wallet anymore, just tap my wallet to the reader. Sounds cool, but saving 10 seconds?

We added a useless level of convenience, but with that convenience comes a trade-off, as all conveniences seem to do. The initial release was unencrypted, meaning... I can just walk up to you, wave a small wand, and walk away with everything. As I said earlier, this technology is older; you can buy a scanner for a few dollars and you're golden. Let's dive in a little bit more.


Above you see a hidden RFID scanner: just a simple netbook sleeve with a scanner inside and a micro computer of some sort. It can be a Raspberry Pi, it can be a netbook, it depends on what you have. Attach a sling to it, throw it over your shoulder, and anyone equipped with this looks very normal. And that is the beauty of this form of scam: hiding in plain sight, the pinnacle of a good hacker or scammer, being so bold as to do it in your face without you even noticing.

With this slung over a scammer's shoulder, they can walk around and bump into people on occasion, stagger a little, and poof, all devices that transmit RFID information can be harvested. Scams like this do open up our eyes to the obvious security flaw, and most RFID credit cards are now encrypted, but when was the last time encryption really stopped someone?

I'm not sure what the encryption level is on these guys, but I do know it's not strong enough. With the new NFC, or Near Field Communication, payment systems that cell phones offer, I believe the days of the RFID credit card are numbered.

#scammers and #hackers will always be trying to find a flaw and exploit it quickly. I'm just shocked this is one of those bad boys that went unnoticed for so long, and yet it's so easy. Until next time my goblins, be safe.
