Report Blasts Holes in Contactless Card Security ClaimsBy Evan Schuman | Posted 10-30-2006
The groupcalling itself the RFID Consortium for Security and Privacyis a group of computer scientists from the University of Massachusetts at Amherst, RSA Laboratories and Innealta, with some nontraditional partners, including the San Francisco Bay Area Rapid Transit District (BART), the MIT Auto-ID Labs and the Programme for Advanced Contactless Technology (PROACT) at Graz University of Technology in Austria. The National Science Foundation funds much of the research, according to the group's Web site.
The group tested about 20 samples from various contactless credit cards and concluded that "the cardholder's name and often credit card number and expiration date are leaked in plain text to unauthenticated readers" and "our homemade device costing around $150 effectively clones one type of skimmed cards."
Perhaps of greatest concern is the report's conclusion that "RFID-enabled credit cards are susceptible in various degrees to a range of other traditional RFID attacks such as skimming and relaying."
Read the full story on eWEEK.com: Report Blasts Holes in Contactless Card Security Claims