Security Hardware & IT Security Software - eWeek

Home

Security Hardware & IT Security Software

Researcher Hacks into Credit Card Magnetic Strips

Plan, Launch and Manage Your Data Centers More Efficiently

Turn Data into Results with Better Business Intelligence

Smarter Virtualization – Key Building Block for Dynamic Infrastructure


	Save Money and Improve Agility: Virtualize with Sun SPARC Enterprise M-Series Servers The Next Step in Virtualization: Moving Demanding Applications to Virtual Environments Powering Business Productivity with Dell OptiPlex Desktops See All Resources >

Security Hardware & IT Security Software

Researcher Hacks into Credit Card Magnetic Strips

Share
By: Ryan Naraine
2008-02-21
Article Rating:

/ 27

There are 11 user comments on this Security Hardware & IT Security Software story.

Rate This Article:

E-mail

PDF Version

RFID security guru releases a test program that can read chip and PIN credit cards using the EMV standard.

WASHINGTON – Personally identifiable information baked into the magnetic strip on your credit card can be easily hijacked by hackers using lightweight tools, according to a warning from RFID security guru Adam Laurie.

At the Black Hat DC briefings here, Laurie announced the release of CHaP.py, a test program created to read chip and PIN credit cards using the EMV standard.

Resource Library:

EMV, named for the three companies that developed the standard – Europay, MasterCard and VISA – handles authentication of credit and debit card payments.

Laurie, who works as chief security officer and director of U.K.-based The Bunker Secure Hosting Ltd., plans to integrate CHaP.py into the RFIDIOt, the popular open-source python library for exploring RFID devices.

The early version of CHaP.py only works with PC/SC readers, Laurie said during a Black Hat demo. However, it does support both the physical chip and RFID interfaces, meaning that AmEx Expresspay and MasterCard PayPass can be easily hacked.

He said the tool can be used to hijack sensitive information off the magnet strip, including the card owner's name, the primary credit card account number and other identifiable account information.

Using this data, a malicious attacker can use existing tools to clone the hacked credit card, he said.

	Reader Comments: Researcher Hacks into Credit Card Magnetic Strips
>>> Post your comment now!
	A user comment on this article In case it weren't obvious - don't send your information to the e-mail above - unless you want your info traded out to someone else! Posted At: 11-06-09 By: Anonymous

	hack to get a credit card information Here is a Hack you can use with the actual address to yahoo's server. databasey47@yahoo.com the address you use for any yahoo credit card hack.... Posted At: 10-04-09 By: henry

	A user comment on this article He is reading the data on the contactless RFID chip on the card. It contains the card number,name, and exp date. I can do this on my Chase blink card... Posted At: 02-26-08 By: Walt

	A user comment on this article He is reading the data on the contactless RFID chip on the card. It contains the card number,name, and exp date. I can do this on my Chase blink... Posted At: 02-26-08 By: Walt

	A user comment on this article He is reading the data on the contactless RFID chip on the card. This can be blocked by keeping the card in one of the Identity Stronghold... Posted At: 02-26-08 By: Walt

	A user comment on this article I am guessing since he gets data through pc/sc reader, he's working with the magstrip equivalent data off the chip? Posted At: 02-24-08 By: Anonymous

	Follow the links - RFIDIOT The links are to RFIDIOT.org a site dedicated to hacking RFID based IDs. He's out of the 80s.... Posted At: 02-22-08 By: Anonymous

	>>> Post your comment now!



	>>> More Security Hardware & IT Security Software Articles >>> More By Ryan Naraine

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

FEATURED SPONSORED MESSAGE

Hitachi announces IT Operations Analyzer software

Monitor and diagnoses issues in multivendor network environments.

Web-based interface, agent-less, multiple network views and automated root cause analysis help maximize network availability and reduce expenses. Good for businesses with 50-250 nodes.

Download free 30-day trial

Brought to You By

FEATURED SPONSORED MESSAGE

Should You Be Using “up.time”?

Easily Monitor Virtual, Physical, and Cloud based assets, applications and services from a unified Dashboard with up.time

Deep Monitoring across platforms and best-of-breed reporting. Over 700 enterprise customers in 32 countries

Free Trial Download Here (Virtual Appliance available)

Brought to You By

Sponsors

DCIG Report: Get Near Real Time Backup & Recovery.

up.time Easily Monitors Virtual/Physical/Cloud. Free Trial.

Build your Multitenant Cloud App today on LongJump.

New & Easier Data Center Innovation & Integration.

Let Progress Software help your business make progress.

Expand on Demand. AT&T Synaptic Storage as a Service.

Learn more about EnterpriseDB @ the Postgres Center

See why ShoreTel is named best overall VoIP provider

CDW Healthcare offers the IT solutions you need.

One number. One voicemail. Sprint Mobile Integration.

10 Reasons to Upgrade to Windows Server 2008 R2.

See the easy to manage ScanSnap Network iScanner

FREE Sophos Encryption Tool: Encrypt, compress and share files easily.

	eWEEK RSS FEEDS and NEWSLETTERS
	Get eWEEK news delivered to your desktop with RSS eWEEK Free Newsletters

Issue Index \| Contact Us \| About \| Advertise \| Magazine Customer Service \| Site Map
	Security: Enterprise Networking Network Security Infrastructure Security How To: Data IT Security News Security Watch Blog Secure Channel Blog Storage: Data Storage Cloud Storage Storage Virtualization Network Access Storage Storage Reviews Storage News How To: Storage Storage Station Blog Computing: Apple OSX Linux Systems Windows 7 Managed Print Services Computer Reviews Microsoft Watch Blog Apple Watch Blog Google Watch Blog Communications: Enterprise Mobility Zone VoIP Solutions Wireless Technology Messaging Software Web Services Wireless News Mobile Reviews Apps & Development: Application Development Enterprise Apps Search Engines Database Software Web 2.0 IT Project Management Emerging Tech Blog CIO Insight Blogs CIOs
	Vertical Markets: Federal Government IT Health Care IT Finance IT Mid-Market Channel and VARs Careers Blog Value Added Resellers More eWeek Links: Green Computing Center Tech Knowledge Center Tech Newsletters Tech RSS Feeds White Papers Tech Podcasts Tech Videos Magazine Subscriptions Enterprise Websites: ZDE Home eWeek Baseline Magazine Channel Insider CIO Insight eSeminars and Events Publish Online Web Buyers Guide Developer Websites: Microsoft DevSource Dev Shed DeveloperShed ASP Free SEO Chat Codewalkers Tutorialized Scripts.com Dev Mechanic Dev Articles Web Hosters Dev Hardware Technology Websites: Device Forge Desktop Linux Linux Devices Windows for Devices PDF Zone Linux Watch Windows Migration Smarter Technology Enterprise TechBrief
	Use of this site is governed by our Terms of Use and Privacy Policy Copyright ©1996-2010 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. eWeek is your best source for the latest Technology News. ZDE Cluster 8 hosted by Hostway.

Researcher Hacks into Credit Card Magnetic Strips

Suggested Related Content: