Published on February 2nd, 2016 | by Guest0
RFID cards – threats and how to prevent them
Many smartphone apps have been detected that can hack into a user’s RFID contactless card to recharge its credits. What is the mechanism behind such apps and, above all, what security risks are associated with RFID-based payment cards?
Payments made via RFID cards are becoming increasingly popular nowadays because more and more mobile devices offer NFC support. Service providers such as banks, merchants and even public services issue RFID-based cards with prepaid credits to their consumers.
What is RFID?
RFID stands for Radio-Frequency Identification: the practice of using radio waves to read and capture data stored on a tag affixed to an object. RFID devices serve the same purpose as a barcode or the magnetic strip on the back of a credit or debit card. They provide a unique identifier for the card, and just as a barcode or a magnetic strip needs to be scanned in order to retrieve information, an RFID card must also be scanned to get the identifying information. These tags can be read from several feet away and they do not need to be within the reader’s direct line of sight to be tracked.
Security threats with RFID cards
Because RFID cards are widely used, they have become a target for hackers. RFID cards are MIFARE-based smartcards. MIFARE is a family of chips widely used in contactless proximity cards and smart cards.
A look at the code of the latest apps capable of hacking into a user’s RFID contactless card shows that they run on devices equipped with technologies that support contactless payments, such as NFC. They can read from and write to these cards. The malicious apps write predefined data to the card and raise the user’s balance. This particular trick is most common for cloning of contactless cards. However, many other tricks have also gained ground.
You may wonder how such an app is able to rewrite the card’s information without having the authentication keys. The reason is that these cards are built on an older version of the MIFARE card series, MIFARE Classic, which is known to have various security issues. An attacker is able to clone an RFID card within 10 seconds and the equipment is already being sold online.
Using easily available tools, an attacker can crack a contactless card’s authentication key. With the native NFC support in the device and the cracked key, cloning a contactless card can easily be implemented within an app.
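An issuer-side check for the balance-raising trick described above, as an added example that is not part of the original article or any vendor's code: the back end replays terminal reports against its own ledger and flags cards that claim more credit than was ever sold. The Tap record, the function name and the sample data are hypothetical and constructed for illustration; it assumes terminals report the balance they read from the card.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Tap:
    card_uid: str       # constructed identifier, not a real card UID
    kind: str           # "topup" (authorised by the issuer) or "spend"
    amount: int         # in the smallest currency unit
    card_balance: int   # balance the terminal read from the card before applying the tap

def find_inflated_balances(taps):
    """Replay taps in order against a server-side shadow balance per card.

    Returns {card_uid: [(tap_index, balance_on_card, shadow_balance), ...]} for
    every tap where the card claimed more credit than the issuer ever sold.
    """
    shadow = defaultdict(int)   # issuer's own view of each card's credit
    alerts = defaultdict(list)
    for i, tap in enumerate(taps):
        expected = shadow[tap.card_uid]
        if tap.card_balance > expected:
            # Credit appeared on the card with no matching top-up in the ledger.
            alerts[tap.card_uid].append((i, tap.card_balance, expected))
        elif tap.card_balance < expected:
            # Lower than expected: assume an offline spend not uploaded yet, resync down.
            expected = tap.card_balance
        if tap.kind == "topup":
            expected += tap.amount
        elif tap.kind == "spend":
            expected = max(expected - tap.amount, 0)
        else:
            raise ValueError(f"unknown tap kind: {tap.kind!r}")
        shadow[tap.card_uid] = expected
    return dict(alerts)

# Constructed sample: card "A" behaves normally, card "B" gains credit outside the ledger.
SAMPLE_TAPS = [
    Tap("A", "topup", 1000, 0),
    Tap("B", "topup", 500, 0),
    Tap("A", "spend", 300, 1000),
    Tap("B", "spend", 200, 500),
    Tap("B", "spend", 100, 5000),   # ledger says 300, card says 5000
    Tap("A", "spend", 200, 700),
    Tap("B", "spend", 100, 4900),   # still above the shadow balance of 200
]

if __name__ == "__main__":
    for uid, hits in find_inflated_balances(SAMPLE_TAPS).items():
        for index, on_card, expected in hits:
            print(f"card {uid}: tap {index} read {on_card}, ledger expects {expected}")
```

Because the shadow balance is never raised to match the card, a tampered card keeps alerting on every later tap until the issuer blocks or replaces it.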
Preventing RFID Theft
Ever since the advent of RFID objects, the security of users’ personal information has been a concern. Owing to this concern, a number of credit and debit card providers brought a range of so-called secure RFID cards to market. These products were designed to prevent the illegal hacking of RFID cards.
If you need somewhere safe to store your RFID card, you can try storing two RFID cards next to each other inside your wallet. Using shields for protection is also considered an effective way of preventing RFID theft. An RFID pouch or holder may prove to be a good option. These accessories feature a special blocking layer within their fabric for preventing illegal scanning of the information stored on your card.
Concerns surrounding wireless identity theft are becoming more widespread. Many people like to wear money belts, and RFID-protecting money belts are therefore increasingly becoming a suitable option nowadays.
Users should periodically check their account balance and card statement for any unusual activity. They should also check whether any of the cards they currently use are vulnerable and report this to their issuers.
The MIFARE models in particular were discontinued some time back and at the same time were supplemented with more secure models. However, contactless card issuers seem to have opted for cheaper solutions, which put users at risk.
It is recommended that users take steps to protect the contactless cards in their possession.
About the author:
The article is authored by the Mahindra Comviva Team. Mahindra Comviva is the global leader in providing mobility solutions. It is a subsidiary of Tech Mahindra and a part of the USD 16.5 billion Mahindra Group. With an extensive portfolio spanning mobile finance, content, infotainment, messaging and mobile data solutions, Mahindra Comviva enables service providers to enhance customer experience, rationalize costs and accelerate revenue growth.