In the United States, point of sale terminals are built to read magnetic striped data so when a contactless payment system is used, the data being sent is essentially the same data that would be on the magnetic stripe of a credit or debit card. If someone can intercept that data, it can easily be written onto another magnetic stripe and used to make purchases.
Paget’s firm is currently working on an RFID shield to protect contactless readers called Guard Bunny that would block incoming signals and alert the card owner.
“If you’re really feeling vulnerable right now and you want to fry the RFID… three seconds in the microwave will kill the chip,” Paget said. “Five seconds will set it on fire.”
On the first day of Shmoocon, Hak5 unveiled a new version of a powerful, yet inexpensive WiFi hacking tool that could be used for dead drops or to gather data remotely. The Mark IV Wifi Pineapple exploits a feature that allows wireless devices to automatically connect to familiar networks.
photo by Robert Scoble/flickr