Researcher Hacks into Credit Card Magnetic Strips
WASHINGTON - Personally identifiable information baked into the magnetic strip on your credit card can be easily hijacked by hackers using lightweight tools, according to a warning from RFID security guru Adam Laurie.
At the Black Hat DC briefings here, Laurie announced the release of CHaP.py, a test program created to read chip and PIN credit cards using the EMV standard.
EMV, named for the three companies that developed the standard - Europay, MasterCard and VISA - handles authentication of credit and debit card payments.
Laurie, who works as chief security officer and director of U.K.-based The Bunker Secure Hosting Ltd., plans to integrate CHaP.py into the RFIDIOt, the popular open-source python library for exploring RFID devices.
The early version of CHaP.py only works with PC/SC readers, Laurie said during a Black Hat demo. However, it does support both the physical chip and RFID interfaces, meaning that AmEx Expresspay and MasterCard PayPass can be easily hacked.
He said the tool can be used to hijack sensitive information off the magnet strip, including the card owner's name, the primary credit card account number and other identifiable account information.
Using this data, a malicious attacker can use existing tools to clone the hacked credit card, he said.