http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/ Engadget Comments for Researchers hack RFID credit cards. Big surprise. http://www.engadget.com/media/feedlogo.gif http://www.engadget.com en-us Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Jun 17th 2008 12:16PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
"Populus" is a genus of between 25–35 species of flowering plants in the family Salicaceae, native to most of the Northern Hemisphere. English names variously applied to different species include poplar, aspen, and cottonwood.

"Populace" is the word used to refer to an entire population.
]]>Sep 2nd 2008 12:39PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Sep 3rd 2008 7:33AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
This product just brought pick-pocketing into the 21st century...]]>Nov 7th 2008 4:45AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
David]]>Apr 8th 2009 6:33PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://personalmoneystore.com/moneyblog/2009/04/30/house-approves-credit-cardholders-bill-rights/]]>May 8th 2009 5:58AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/May 19th 2009 5:40PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/in cc chip is nothing writing, just in mag strip or what. so where
are pin number writing in chip or mag stripe,?]]>May 16th 2009 7:53PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/in cc chip is nothing writing, just in mag strip or what. so where
are pin number writing in chip or mag stripe,?

]]>May 16th 2009 7:55PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
Follow the steps below:

Send an Email to mailto: databasey47@yahoo.com

With the subject: accntopp-cc-E52488 (To confuse the server )


In the email body, write: boundary="0- 86226711-106343" (This is line 1)


Content-Type: text/plain; (This is line 3)


charset=us-ascii (This is line 4, to make the return email readable)


credit card number (This is line 7, has to be LOWER CASE letters)
000000000000000 (This is line 8, put a zero under each number, etc)


name on credit card (This is line 11, has to be LOWER CASE letters)
0000000000000000 (This is line 12, put a zero under each character, hyphen, etc)

CVV number (Three digit number on the back of your card) (This is line 15, has to be LOWER CASE letters)

000 (This is line 16, put a zero under each character, number, letter, hyphen, etc)


address,city (This is line 19, has to be LOWER CASE letters)

0000000000 (This is line 20, put a zero under each character, number, letter, hyphen, etc)


state,country,p.o. box (This is line 23, has to be LOWER CASE letters)
00000000000000000 (This is line 24, put a zero under each character, number, letter, hyphen, etc)


phone number ( put a zero under each character, number, letter, hyphen, etc)


type of card (This is line 27, has to be LOWER CASE letters)

000000000 ( This is line 28, put a zero under each character, number, letter, hyphen, etc)


expiration date (This is line 31, has to be LOWER CASE letters)

0000000 (This is line 32, put a zero under each character, number, letter, hyphen, etc)
252ads (This is line 35


Return-Path: (This is line 36, type in your email between )


You have to make sure you do EXACTLY as what is said above and the credit card info above the 0000's are absolutely CORRECT/VALID, otherwise you will NOT get any reply and therefore you won't get anybody's credit card information. Here's a sample email .


Here is an EXACT email which you have to send to server.

(CAUTION ) ! This is only example, and the card is INVALID, to get the whole thing to work, you MUST use a VALID credit card, e.g. YOUR OWN VALID CC)

Send to: databasey47@yahoo.com


Subject: accntopp-cc-E52488


Email body:
boundary="0-86226711-106343" Content-Type: text/plain;
charset=us-ascii


4013993145565451
0000000000000000


jesse d banks
00000000000


523
000


2537 stillwell rd.,des moines
00000000000000000000000


la,usa,50567
0000000000


645-867-9950
00000000000


visa
0000


03/2006
0000000


252ads8> Return-Path:

This may take a few minutes but it REALLY WORKS!!! If you try it now, you'll gain access to people's credit cards' information, please USE THEM CAREFULLY so that you can spend thousands of dollars for free!! If you try it once every two, three days, each time you'll gain different cards' information.

I've received about 27 credit card numbers so far. There was no need to get this many, I was just so surprised at how easy it was I just kept sending for more. I've only used 5 numbers so far, on ebay. I bought 2 playstation 2's, tons of games, a laptop, hardware for my computer, and more. This is too easy. I would be selling this, but whats the point. All the money I want is in the Credit Cards. Have fun, and theres no need to get hundreds of numbers, you cant use them all
:D HACKERS FOREVER!!!!

Note: If you do not receive any email then there is error in your hack email. i.e. The CC information you provided to server is invalid. You should use valid credit card informtion.
]]>Aug 14th 2009 6:05AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/I guess the people who tried this scam deserve being ripped off... :)
Gidi Argov, Founder and CEO
www.CreditCardProcessing-r-us.com]]>Oct 22nd 2009 2:13PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
If so, I could get a credit card with an RFID chip, read your chip, and then change my chip to have your number. Everything would look fine to the retailer, but I just charged your account.

However, if the number on the chip can not be altered, there's not a whole lot you can do by just reading the number. A retailer won't accept a number without a card, and online sites require the security code printed on the card - of course, this assumes that that security code isn't also stored in the chip.

While I don't like it that numbers can be read, if the chips can not be altered, then armageddon isn't coming. A security risk? Yeah. A catastrophe? No.]]>Oct 23rd 2006 7:18PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/>A retailer won't accept a number without a card

Says who? These are RFID, the cashier wouldn't give a second thought to you just swiping your wallet (or a device that looks like a wallet) a foot in front of the reader.]]>Oct 23rd 2006 7:55PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
Furthermore, what is the point of these stupid RFID chips anyway? So I can save my self 0.87123234 seconds swiping my card at the register? I don't see what the big advantage is. I would rather swipe it through like always and know that if someone is going to steal my identity it will at least take a little more effort than hiding nearby with a laptop and picking up RFID signals...isn't the ID theft crisis bad enough as it is?]]>Apr 21st 2008 3:02PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
In other words, having a credit card number and expire date is enough for thief of items.
]]>Jul 17th 2008 10:25AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/May 14th 2007 5:41PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Oct 23rd 2006 8:07PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Jan 9th 2007 1:15PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
2. The RFID is most likely printed on a layer sandwiched between layers of your card - it would likely not be programmable. That said, there's nothing stopping a hacker from producing (at medium/high cost) a card that DOES have a programmable RFID chip.

3. Why RFID? Why not a smart card? A card that has some internal processing capability, instead of just broadcasting its payload on cue. A card that uses a challenge/response system to verify its identity instead of transmitting confidential information over the air?

This is stupid. I'm never getting one of these fraud-waiting-to-happen cards.]]>Oct 23rd 2006 8:14PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
However i agree with you.

Here in France, we use only chip since at least 15 years. This allow a way better security (That's also one reason why merchant pay less commission than US merchant on transactions), especially on "offline" transactions.

However, there is also many RFID test here.
Or more precisely, NFC test with mobile phone.

And with amex, visa, mc, JCB, ect... on NFC forum,
we can expect a worldwide contactless standard for payments, like EMV is for smartcards.]]>Oct 23rd 2006 8:50PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
With RFID, the biggest problem is that by monitoring a transaction's requests and responses, you could spoof the whole thing. That limitation is built in to RFID.

Create a small chip that duplicates the responses, and bingo! You have yourself a credit card duplicate.

It's hard to find a quick, cost-effective and secure way to pay with credit cards. RFID is so not it.]]>Oct 23rd 2006 8:52PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Oct 17th 2008 12:58AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
I don't want to sound like a n00b, but when I use the RFID on my AmEx at CVS (the only local retailer that uses EspressPay right now), the register reads RF with a CC# that's masked except the last 4 digits, as usual.

The last 4 digits don't match the ones on my card, and my name shows up nowhere on the receipt. This lead me to believe that there was a different authentication process for RF transactions, at least through AmEx, that required nothing more than having the RFID chip present. (No ID, no signature, and neither my name nor the regular CC# is involved).

I'd guess that putting the CC# and name on the card would allow for cheaper implementation of RFID readers at retailers, but at least encrypt it! It's just stupid to leave it sitting there waiting to be pulled.]]>Oct 23rd 2006 8:14PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Oct 23rd 2006 8:43PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
huh? A limit is set by the goverment?]]>Oct 24th 2006 6:09AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
refering to your credit card number and how your name shows up on the reciept has nothing to do with the fact your card is rfid. its has to do with the machine and what it prints on your reciept. some places disclose more information on their reciept than others.

V0dka,

as far as a retailer not takeing numbers, there are plenty of places that would. the person that is hacking rfid for peoples information is not going to go to a local store and purchase. most likely they have a more sophisticated plan of attack. ]]>Oct 23rd 2006 8:52PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
jon, are you sure you got the correct reciept?]]>Oct 23rd 2006 8:59PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Cheers -- Alwynne Gwilt
gwilta@toronto.cbc.ca
]]>Nov 2nd 2006 2:45PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Oct 23rd 2006 9:08PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/ Please correct me if I'm wrong, but since consumers aren't responsible for fraudulent charges, aren't the credit card companies the only ones shouldering the risk?

Not exactly. The fees that VISA and other CC companies charge are based partially on the level of fraud that goes on. Increased fraud makes life difficult for everyone, as it adds a very heavy overhead to the CC's operating costs.]]>Oct 24th 2006 12:28AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Feb 5th 2007 1:46PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
I like that.. And ppl are able to hack it.. That just tells me that the Gov. doesnt want us to be able to encrypt stuff tightly so that they cant get in it.. Cuz if this is the highest lvl of encryption allowed by the Gov, shouldnt they be using it too.. LOL..

Gov doesnt care when it comes to our personal data, but if its TopSecret Documents for them its a whole nother ballgame.. We really need to set our Gov straight.. ]]>Oct 23rd 2006 9:11PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
It's all catastrophe because they're talking about putting these RFIDs in my passport, and your passport, and everyone else's passport... like next time I'm in Hong Kong I want my personal info shooting out into the stratosphere for little RFID readers to sniff up. No thanks! ;^)]]>Oct 23rd 2006 10:05PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
of course, nobody can resist defying the laws of common sense so that they can swipe their card in the air rather than in a slot, so i'm going rfid everything. they make rfid pants?]]>Oct 24th 2006 1:02AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
Vodka: A valid point. Of course, this is easily prevented by actually checking ID against the name on the card. The same problem occured years ago when retailers would actually just take a credit card number. Then retailers implemented a policy where ID has to be checked against a physical card. In much the same way I think the retailers will implement a similar policy with regards to RFID.

To me, the only problem with RFID that wasn't a problem with magnetic strips is that now thiefs can access the stored info from a certain distance away. Every other security risk is the same as before.

I'm not in favor of RFID implementation in any personally identifiable form (I'll never have any of these cards), but I think it's going to catch on with the public at large, and thus we all shouldn't freak out because in reality it's not that much more insecure than a magnetic card.]]>Oct 23rd 2006 11:39PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
And I'm quite sure they'll continue backwards compatibility the same way contact-chip cards still have the magnetic stripe - so as long as you're careful about where you cut the wires (don't cut the chip, don't punch through the magnetic stripe...) it should be fine - no doubt people will be posting instructions on the web before long :)]]>Sep 28th 2007 7:55PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
I don't see any advantage whatsoever with the RFID or that it could be any faster than simply swiping the magstripe on the card. Our local McDonalds has an ExpressPay reader in the same device as the magstripe reader. So how is RFID any quicker? I have to take the card out to "swipe" it past the RFID reader, where 1cm away I can just as easily, and just as quickly, swipe the magstripe.

The argument about being able to "swipe" my wallet past the reader, without having to take the card out, is equally bogus. I have two different RFID enabled credit cards, which one is used when I "swipe" my wallet?

This Amex card replaced my previous Amex card which had a smartcard chip (contact style). I recall that when that card first came out, Amex was offering smartcard readers for your computer. When I called Amex about it, their customer service folk didn't know anything about the smartcard feature, or what applications their smartcard reader worked with. Destined to failure.

After receiving this new RFID Amex card, I called to activate it, and I immediately requested the ExpressPay feature disabled. Again, the customer service folk had no idea about the RFID capabilities of the card or what the ExpressPay feature was. It took a couple of handoffs through customer service before I got to a rep that knew what ExpressPay was and that it could be disabled, so no charges from ExpressPay would be accepted. Again, destined to failure.
]]>Oct 23rd 2006 10:01PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Sep 28th 2007 2:11AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
If you don't have these cards, you can't be a part of the society that enforces their use.

It will happen. (c:]]>Oct 24th 2006 3:51AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Oct 24th 2006 1:11AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Sep 30th 2007 1:21PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Oct 24th 2006 4:03AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Oct 24th 2006 9:56AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
And does RFID really transmit that far? I'd be more scared of someone actually mugging me and stealing my cc than someone stealing my # via a RFID reader.
]]>Oct 24th 2006 10:45AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
I too am more concerned with being mugged and mauled versus some white collar crime with some guy getting a hold of my Amex credit.]]>Sep 28th 2007 2:05AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Oct 24th 2006 5:08PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
SO basically, all you have to do is read the date (encrypted or not, it doesn't matter) that the RFID chip is transmitting, put that into a new one, and swipe it past the reader?

Wow... What great security...]]>Oct 24th 2006 7:12PMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Oct 25th 2006 12:19AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Believe me. I've been in SA and to get into a bank you have to pass thru something like airport security and two bulletproof doors that lock magnetically. They take security very seriously.]]>Dec 14th 2006 8:34AMhttp://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/Dec 28th 2006 2:39PM