Tech researchers find cards vulnerable

Tech researchers find cards vulnerable

Tools

Story Published: Jan 26, 2008 at 1:39 PM PDT

Story Updated: Jan 26, 2008 at 1:39 PM PDT

By Associated Press

How vulnerable are contactless credit cards to identity theft and fraud by crooks intercepting their RFID signals?

Although these cards are encrypted, it's possible for thieves - or even law enforcement - to pluck an individual's information out of thin air, says Avi Rubin, a computer science professor at Johns Hopkins University.

In 2005, Rubin and a team of researchers cracked the encryption of an ExxonMobil Speedpass, a contactless payment device in the form of a key fob, carried in a test subject's pocket. They cloned the data into a laptop, drove to a gas station, and then, after retransmitting the data to a pump, charged gas to the Speedpass holder's account.

Later, ExxonMobil representatives visited Rubin at school and handed him eight Speedpass fobs. The researchers cracked them all, Rubin recalls. "I don't think they believed us until we demonstrated it to them."

Though ExxonMobil "routinely evaluates potential security enhancements to the Speedpass Network" to protect customers and their transactions, it hasn't changed the technology for the 6 million Speedpass fobs circulating in the United States, says Beth Snyder, a company spokeswoman.

To date, "no fraudulent purchases have ever been made with a cloned Speedpass device," she adds.

Still, Rubin recommends that holders wrap their fobs in aluminum foil to repel radiowaves that could be transmitted by hackers.

Tech Blogs

Weather & Traffic

Icon
Current Temp 80.0 °F
Mostly Cloudy
Video
More Weather

Resources and info you need to prepare for the switch to DTV.

Stay Connected

YouNews

This content requires the latest Adobe Flash Player and a browser with JavaScript enabled. Click here for a free download of the latest Adobe Flash Player.

Viewer Poll

How has Facebook changed your life?

  • I got a job through Facebook
  • I hooked up with old college/high school friends
  • It's how our family keeps in touch / updated
  • I learned odd new things about my friends
  • It's helped my business
  • I'm still on the fence about using it

Marketplace