Vulnerabilities in First-Generation RFID-enabled Credit Cards

by: Thomas Heydt-Benjamin, Daniel Bailey, Kevin Fu, Ari Juels, Tom O’hare

Financial Cryptography and Data Security (2008), pp. 2-14.

View FullText article

Reviews [Write a review of this article]

There are no reviews of this article

Find related articles from these CiteULike users

tshb

Find related articles with these CiteULike tags

card, contactless, rfid, security, smart, vulnerabilities

Abstract

RFID-enabled credit cards are widely deployed in the United States and other countries, but no public study has thoroughly analyzed the mechanisms that provide both security and privacy. Using samples from a variety of RFID-enabled credit cards, our study observes that (1) the cardholder’s name and often credit card number and expiration are leaked in plaintext to unauthenticated readers, (2) our homemade device costing around $150 effectively clones one type of skimmed cards thus providing a proof-of-concept implementation for the RF replay attack, (3) information revealed by the RFID transmission cross contaminates the security of RFID and non-RFID payment contexts, and (4) RFID-enabled credit cards are susceptible in various degrees to a range of other traditional RFID attacks such as skimming and relaying.

@incollection{citeulike:2460124, abstract = {RFID-enabled credit cards are widely deployed in the United States and other countries, but no public study has thoroughly analyzed the mechanisms that provide both security and privacy. Using samples from a variety of RFID-enabled credit cards, our study observes that (1) the cardholder’s name and often credit card number and expiration are leaked in plaintext to unauthenticated readers, (2) our homemade device costing around \$150 effectively clones one type of skimmed cards thus providing a proof-of-concept implementation for the RF replay attack, (3) information revealed by the RFID transmission cross contaminates the security of RFID and non-RFID payment contexts, and (4) RFID-enabled credit cards are susceptible in various degrees to a range of other traditional RFID attacks such as skimming and relaying.}, author = {Heydt-Benjamin, Thomas and Bailey, Daniel and Fu, Kevin and Juels, Ari and O’hare, Tom }, citeulike-article-id = {2460124}, doi = {10.1007/978-3-540-77366-5\_2}, journal = {Financial Cryptography and Data Security}, keywords = {card, contactless, rfid, security, smart, vulnerabilities}, pages = {2--14}, posted-at = {2008-03-03 09:47:48}, priority = {5}, title = {Vulnerabilities in First-Generation RFID-enabled Credit Cards}, url = {http://dx.doi.org/10.1007/978-3-540-77366-5\_2}, year = {2008} }

RIS record

TY - CHAP ID - citeulike:2460124 L3 - citeulike-article-id:2460124 TI - Vulnerabilities in First-Generation RFID-enabled Credit Cards JF - Financial Cryptography and Data Security SP - 2 EP - 14 N2 - RFID-enabled credit cards are widely deployed in the United States and other countries, but no public study has thoroughly analyzed the mechanisms that provide both security and privacy. Using samples from a variety of RFID-enabled credit cards, our study observes that (1) the cardholder’s name and often credit card number and expiration are leaked in plaintext to unauthenticated readers, (2) our homemade device costing around $150 effectively clones one type of skimmed cards thus providing a proof-of-concept implementation for the RF replay attack, (3) information revealed by the RFID transmission cross contaminates the security of RFID and non-RFID payment contexts, and (4) RFID-enabled credit cards are susceptible in various degrees to a range of other traditional RFID attacks such as skimming and relaying. KW - card KW - contactless KW - rfid KW - security KW - smart KW - vulnerabilities AU - Heydt-Benjamin, Thomas AU - Bailey, Daniel AU - Fu, Kevin AU - Juels, Ari AU - O’hare, Tom PY - 2008/// UR - http://dx.doi.org/10.1007/978-3-540-77366-5_2 ER -

RIS BibTeX